Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'System32' = '%ALLUSERSPROFILE%\Application Data\-habeys.exe'
- %ALLUSERSPROFILE%\Application Data\command.txt
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\command[1].txt
- %ALLUSERSPROFILE%\Application Data\CRNJEUFU-return.sys
- %ALLUSERSPROFILE%\Application Data\command.txt
- 'www.ho#####shionline.net':80
- 'localhost':1038
- 'ft#.####afushionline.net':21
- www.ho#####shionline.net/tsip/command.txt
- DNS ASK www.ho#####shionline.net
- DNS ASK ft#.####afushionline.net
- '<IP-адрес в локальной сети>':1036
- ClassName: 'Indicator' WindowName: ''