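Техническая информация
Ниже перечислены индикаторы: параметр автозапуска в ветке реестра Run, командные строки процессов, пути к файлам, сетевые адреса (хост:порт), URL-адреса, DNS-запросы и классы окон. Подзаголовки разделов в этой копии отсутствуют, поэтому для повторяющихся путей к файлам (включая `<DRIVERS>\etc\hosts`) не указано, какое действие выполнялось: создание, изменение или удаление. Символы `#` в именах хостов и URL, по-видимому, маскируют часть адреса, поэтому эти значения не подходят для точного сопоставления.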
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Proxy' = '%APPDATA%\Proxy.exe'
- '<SYSTEM32>\wscript.exe' "C:\Proxy.vbs"
- '<SYSTEM32>\cmd.exe' /c C:\Start.bat
- %TEMP%\enviadedemail.tmp
- C:\Conf.txt
- <DRIVERS>\etc\hostsj
- C:\Proxy.vbs
- C:\Start.bat
- %APPDATA%\Proxy.exe
- %APPDATA%\Proxy.exe
- C:\Start.bat
- C:\Proxy.vbs
- <DRIVERS>\etc\hosts
- 'ws###s.kilu.biz':80
- 'localhost':1041
- 'ar#####bcasas.kilu.biz':80
- ws###s.kilu.biz/eul.txt
- ar#####bcasas.kilu.biz/noti.php?pc#############
- DNS ASK ws###s.kilu.biz
- DNS ASK ar#####bcasas.kilu.biz
- ClassName: 'MS_WINHELP' WindowName: ''
- ClassName: 'Indicator' WindowName: ''