Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'SPP' = '%WINDIR%\winsxx\srnss.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\videoex] 'ImagePath' = '%WINDIR%\videoex.sys'
- [<HKLM>\SYSTEM\ControlSet001\Services\videoex] 'Start' = '00000002'
- '<SYSTEM32>\cmd.exe' /c ""c:\stealth.bat" "
- '<SYSTEM32>\cmd.exe' /c %WINDIR%\winsxx\srnss.exe
- '<SYSTEM32>\cmd.exe' /c ""c:\stealth1.bat" "
- '%WINDIR%\d.exe' -install -712 -safe
- '<SYSTEM32>\cmd.exe' /c ""%WINDIR%\DelKillProc1.bat" "
- %TEMP%\temp.dat
- C:\stealth1.bat
- C:\stealth.bat
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\KHMHGZ4F\frx2.kro[1]
- %WINDIR%\d.exe
- %WINDIR%\videoex.sys
- %WINDIR%\DelKillProc1.bat
- %WINDIR%\d.exe
- %TEMP%\temp.dat
- '10#.#.251.144':30000
- 'fr##.kro.kr':80
- 'localhost':1038
- http://fr##.kro.kr/
- DNS ASK fr##.kro.kr