Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'MicrowindowSearch' = '<SYSTEM32>\MicrowindowSearch\MicrowindowSearch.exe'
- '<SYSTEM32>\wbem\wmiadap.exe' /R /T
- <SYSTEM32>\PerfStringBackup.TMP
- <SYSTEM32>\wbem\Performance\WmiApRpl.ini
- 'up####.mylinks.kr':80
- 'localhost':1040
- 'co#####.#icrowindowsearch.com':80
- up####.mylinks.kr/MicrowindowSearch/MicrowindowSearch.ts2
- up####.mylinks.kr/MicrowindowSearch/MicrowindowSearch.ts3
- co#####.#icrowindowsearch.com/analysis/live.php?uq##################
- DNS ASK up####.mylinks.kr
- DNS ASK co#####.#icrowindowsearch.com