Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'premium' = '<SYSTEM32>\igfxtrai.exe'
- <SYSTEM32>\shacrypt.exe (загружен из сети Интернет)
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\apx[1].txt
- <SYSTEM32>\shacrypt.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\darknigh[1].exe
- <DRIVERS>\etc\hosts
- '20#.#35.164.79':80
- '21#.#27.233.242':80
- 'pr#####gd.dnsdojo.org':80
- 'www.tr######ivefishecuador.com':80
- 'localhost':1037
- 21#.#27.233.242/images/apache.txt
- 20#.#35.164.79/images/manual/apx.txt
- pr#####gd.dnsdojo.org/.../darknigh.exe
- www.tr######ivefishecuador.com/plugins/system/appss.php
- DNS ASK pr#####gd.dnsdojo.org
- DNS ASK www.tr######ivefishecuador.com
- '<IP-адрес в локальной сети>':1036