Техническая информация
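Изменения в реестре (значение 'Start' = 2 соответствует автоматическому запуску сервиса при загрузке системы):
- [<HKLM>\SYSTEM\ControlSet001\Services\MalwareAnalyser] 'Start' = '00000002'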
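Запускаемые процессы (вывод сведений о системе и сетевых настройках, запуск сервиса и пакетного файла):
- <SYSTEM32>\net1.exe start
- <SYSTEM32>\systeminfo.exe
- <SYSTEM32>\ipconfig.exe /all
- <SYSTEM32>\net1.exe start MalwareAnalyser
- <SYSTEM32>\cmd.exe /c RunDll.bat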
Файлы, затронутые в файловой системе (по списку нельзя определить, созданы они или удалены; имена в кэше Temporary Internet Files совпадают с ресурсами из HTTP-запросов ниже):
- C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IVQDA70J\MZђ[1]
- <Текущая директория>\MZђ
- C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\SLO9SJK5\katria[1].htm
- <SYSTEM32>\RunDll.bat
- <SYSTEM32>\Sysinfo.txt
- C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0J2LM5OP\litmus[1].php
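Сетевая активность (символы '#' в адресах, по-видимому, замаскированы при публикации, поэтому точные значения индикаторов по этой странице восстановить нельзя):
Подключения:
- 'fi##ez9.com':80
- '74.##5.232.51':80
HTTP-запросы:
- fi##ez9.com/Cord/Dock/MZ?
- fi##ez9.com/Cord/litmus.php?sy#######################
- fi##ez9.com/Cord/katria.php
DNS-запросы:
- DNS ASK fi##ez9.com
- DNS ASK google.com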
Поиск окон (вероятно, проверка на запущенный анализатор сетевого трафика):
- ClassName: '' WindowName: 'The Wireshark Network Analyzer'