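Техническая информация
Подзаголовки разделов в этом фрагменте отсутствуют, поэтому тип действия для каждой записи (создание, запуск, изменение) можно определить только по её содержимому. Первая запись — значение в ключе автозапуска Run текущего пользователя, то есть механизм закрепления в системе.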
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'KB00971843.exe' = '"%APPDATA%\Roaming\KB00971843.exe"'
- '%APPDATA%\Roaming\KB00971843.exe'
- '<SYSTEM32>\rundll32.exe' "<SYSTEM32>\WININET.dll",DispatchAPICall 1
- <SYSTEM32>\rundll32.exe
- %TEMP%\exp8D50.tmp.bat
- %APPDATA%\Roaming\KB00971843.exe
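Сетевые адреса (порт 8080). Символы '#' скрывают часть каждого адреса, поэтому записи в таком виде не годятся как точные индикаторы:
- '19#.#67.29.136':8080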
- '67.##7.129.95':8080
- '17#.#43.234.138':8080
- '19#.#4.219.226':8080
- '41.##3.18.120':8080
- '18#.#37.17.180':8080
- '88.##8.135.227':8080
- '91.##1.30.185':8080
- '85.#4.66.2':8080
- '88.##1.130.98':8080
- DNS ASK dn#.##ftncsi.com (DNS-запрос; имя домена частично скрыто символами '#')
- ClassName: 'Indicator' WindowName: '(null)'