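Техническая информация (записи идут без подзаголовков, по порядку: запись автозапуска в реестре, запускаемые процессы, затронутые файлы, сетевая активность)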
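- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Windows Update' = '%APPDATA%\Isass.exe' (запись автозапуска; параметр назван 'Windows Update', а имя файла начинается с заглавной латинской «I», а не со строчной «l», и потому лишь внешне совпадает с системным lsass.exe, который расположен в <SYSTEM32>, а не в %APPDATA%)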
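- '%APPDATA%\Isass.exe' /AutoIt3ExecuteScript "%TEMP%\delphi.a3x" (ключ /AutoIt3ExecuteScript передаёт исполняемому файлу AutoIt скрипт для выполнения; .a3x — формат скомпилированного скрипта AutoIt)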
- '%APPDATA%\Isass.exe'
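- '<SYSTEM32>\cmd.exe' /C echo. > "%APPDATA%\Isass.exe":Zone.Identifier (перезаписывает альтернативный поток данных Zone.Identifier, в котором Windows хранит сведения о зоне происхождения файла; командная строка с перенаправлением в ':Zone.Identifier' — пригодный признак для правил обнаружения)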
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\google[1]
- %APPDATA%\Isass.exe:Zone.Identifier
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\fd8fsd4kds[1].php (файл в кэше Internet Explorer; имя совпадает с fd8fsd4kds.php из HTTP-запроса ниже)
- %APPDATA%\0FC642D13BFA6FE5F1862CFC0D769558
- %APPDATA%\Isass.exe
- %TEMP%\pdata.dat
- %TEMP%\aut1.tmp
- %TEMP%\delphi.a3x
- %TEMP%\aut2.tmp
- %TEMP%\aut2.tmp
- %TEMP%\aut1.tmp
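- 'ap####aydealer.com':80 (символы # здесь и ниже, по-видимому, маскируют часть домена, IP-адреса и параметра p; в таком виде индикаторы годятся только для сопоставления по шаблону, а не для точного совпадения)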
- '74.##5.232.51':80
- http://ap####aydealer.com/images/fd8fsd4kds.php?p=#############################################################################
- http://google.com/ via 74.##5.232.51
- DNS ASK ap####aydealer.com
- DNS ASK google.com