Техническая информация
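- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = '"%APPDATA%\FjqjKLOUq1RSnHDU\UZC7j8mfvEfw.exe",explorer.exe'
  (Автозапуск: параметр Shell в ключе Winlogon задаёт программы, запускаемые при входе пользователя в систему. По умолчанию он задан в HKLM и равен explorer.exe, а в HKCU отсутствует, поэтому само появление этого параметра в HKCU — повод для проверки.)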
- %TEMP%\332F8.dmp
- %TEMP%\UZC7j8mfvEfwMEs6
- %TEMP%\7yp16k1yl57LHOp8
- %APPDATA%\FjqjKLOUq1RSnHDU\UZC7j8mfvEfw.exe
- %TEMP%\4rDyiQSKQWCYIcyC.dll
- %TEMP%\dw.log
- %APPDATA%\FjqjKLOUq1RSnHDU\UZC7j8mfvEfw.exe
- 'dm##eb.eu':80
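- dm##eb.eu/Newtonsoft.Json.dll
  (Newtonsoft.Json.dll — имя широко распространённой легитимной .NET-библиотеки; индикатором здесь служит узел, а не имя файла.)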
- DNS ASK dm##eb.eu
- ClassName: 'Shell_TrayWnd' WindowName: ''