Technical information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '1e6f17d9' = '%APPDATA%\1e6f17d9.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '1e6f17d' = 'C:\1e6f17d9\1e6f17d9.exe'
- %HOMEPATH%\Start Menu\Programs\Startup\1e6f17d9.exe
- System Restore component (SR)
- '<SYSTEM32>\vssadmin.exe' Delete Shadows /All /Quiet
- '<SYSTEM32>\svchost.exe' netsvcs
- '%WINDIR%\explorer.exe'
- <SYSTEM32>\svchost.exe
- %APPDATA%\1e6f17d9.exe
- C:\1e6f17d9\1e6f17d9.exe
- 'cu###yip.com':80
- 'my####rnalip.com':80
- 'ip##ddr.es':80
- http://cu###yip.com/
- http://my####rnalip.com/raw
- http://ip##ddr.es/
- DNS ASK cu###yip.com
- DNS ASK z-#n.ru
- DNS ASK ip##ddr.es
- DNS ASK my####rnalip.com
- ClassName: 'Indicator' WindowName: ''