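Техническая информация
(Заголовки разделов на странице не сохранились. Судя по виду записей, ниже по порядку перечислены: запускаемые процессы; файлы, с которыми выполняются операции (повторяющиеся пути, вероятно, относятся к разным операциям, например к созданию и удалению); сетевые подключения; HTTP-запросы; DNS-запросы; искомое окно. Символы «#» в именах хостов и в URL, по-видимому, скрывают часть адреса.)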
- '<Текущая директория>\red_color.exe'
- '<SYSTEM32>\ping.exe' -n 0127.0.0.1
- '<SYSTEM32>\cmd.exe' /c %TEMP%\SD.bat
- %TEMP%\aut2.tmp
- %TEMP%\red_1.wav
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\user[1].php
- %TEMP%\red.wav
- <Текущая директория>\red_color.exe
- %TEMP%\SD.bat
- %TEMP%\aut1.tmp
- %TEMP%\aut2.tmp
- %TEMP%\aut1.tmp
- 'www.or##.org.il':80
- 'fo###.enativ.com':80
- www.or##.org.il/WarningMessages/alerts.json
- fo###.enativ.com/red_color/red1.php
- fo###.enativ.com/red_color/user.php?se###############
- fo###.enativ.com/red_color/red.php
- DNS ASK www.or##.org.il
- DNS ASK fo###.enativ.com
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'