Техническая информация
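- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'services' = '%APPDATA%\Roaming\services.exe' (запись автозапуска для текущего пользователя; системный services.exe Windows расположен в <SYSTEM32>, а не в профиле пользователя)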
- '%APPDATA%\Roaming\services.exe'
- '<SYSTEM32>\wermgr.exe' -queuereporting
- %APPDATA%\Roaming\services.exe
- %TEMP%\~DFCB87F4A346BD52F1.TMP
- %TEMP%\~DF8F11E0374A6C201A.TMP
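- 'io###zus.com':80 (здесь и ниже символы '#' недопустимы в именах хостов и IP-адресах; по-видимому, ими замаскирована часть индикатора)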
- '20#.#8.63.226':80
- io###zus.com/duck/push.php
- 20#.#8.63.226/duck/push.php
- DNS ASK io###zus.com
- ClassName: 'Indicator' WindowName: ''