Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\Yjbryc] 'Start' = '00000002' (значение 2 — служба запускается автоматически при загрузке системы)
- C:\AppleFile Check Version.exe
- C:\server.exe
- %WINDIR%\regedit.exe /s "%TEMP%\143906_lang.reg" (ключ /s — импорт .reg-файла в реестр без запроса подтверждения)
- <SYSTEM32>\svchost.exe -k netsvcs
- %WINDIR%\regedit.exe /s "%TEMP%\136453_lang.reg"
- %WINDIR%\explorer.exe http://ha###rs5.co1.kr
- %WINDIR%\regedit.exe /e "%TEMP%\136453_lang.reg" "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost" (ключ /e — экспорт указанной ветки реестра в файл)
- <SYSTEM32>\dllcache\Yjbrycex.dll
- %TEMP%\148546_res.tmp
- <SYSTEM32>\Yjbrycex.dll_lang.ini
- <SYSTEM32>\Yjbrycex.dll
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\hackers5.co1[1]
- C:\AppleFile Check Version.exe
- C:\server.exe
- %TEMP%\143906_lang.reg
- %TEMP%\136453_lang.reg
- %TEMP%\148546_res.tmp
- C:\server.exe
- %TEMP%\136453_lang.reg
- %TEMP%\143906_lang.reg
- 'ha###rs5.co1.kr':80
- 'hm####57.codns.com':80
- 'th######53.dothome.co.kr':80
- 'localhost':1038
- ha###rs5.co1.kr/
- th######53.dothome.co.kr/applefile.txt
- DNS ASK hm####57.codns.com
- DNS ASK ha###rs5.co1.kr
- DNS ASK th######53.dothome.co.kr
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'RegEdit_RegEdit' WindowName: ''
- ClassName: '' WindowName: ''