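Техническая информация (символы «#» в именах узлов, URL и параметрах ниже — маскировка в отчёте, а не часть реальных значений: в имени узла символ «#» недопустим; для поиска по журналам нужны полные индикаторы)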
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'QuickDomainSearch.exe' = '%PROGRAM_FILES%\QuickDomainSearch\QuickDomainSearch.exe' (автозапуск: раздел Run в HKLM действует для всех пользователей компьютера)
- %PROGRAM_FILES%\QuickDomainSearch\QuickDomainSearch.exe (загружен из сети Интернет)
- <SYSTEM32>\cmd.exe /c <Текущая директория>\$2s3d.bat
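- <SYSTEM32>\schtasks.exe /create /sc onlogon /tn "QuickAddressSearch" /tr "\"%PROGRAM_FILES%\QuickDomainSearch\QuickDomainSearch.exe"\" /rl highest (задача планировщика: запуск при входе в систему с наивысшими правами; имя задачи «QuickAddressSearch» не совпадает с именем файла, поэтому при проверке искать нужно оба имени)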
- <Текущая директория>\$2s3d.bat
- %PROGRAM_FILES%\QuickDomainSearch\QuickDomainSearch.exe
- %PROGRAM_FILES%\QuickDomainSearch\ar.dat
- 'ju##ip.com':80
- 'qu####ddress.co.kr':80
- qu####ddress.co.kr/check/check.php?m=##################
- ju##ip.com/t_ptr/awrite.php?pt##
- qu####ddress.co.kr/upload2/QuickDomainSearch.exe (имя совпадает с файлом, отмеченным выше как загруженный из сети Интернет)
- qu####ddress.co.kr//troute/earse_easy.php
- qu####ddress.co.kr/troute/trout_up.php
- DNS ASK ju##ip.com
- DNS ASK qu####ddress.co.kr