Техническая информация
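- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Windows Update' = '%APPDATA%\Isass.exe' (запись автозапуска; имя параметра и имя файла, по-видимому, маскируются под системные: «Isass.exe» написано с заглавной «I», а не со строчной «l», как у lsass.exe)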
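- '%APPDATA%\Isass.exe' /AutoIt3ExecuteScript "%TEMP%\delphi.dat" (ключ /AutoIt3ExecuteScript указывает, что исполняемый файл — интерпретатор или скомпилированный сценарий AutoIt, выполняющий сценарий из delphi.dat)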
- '%APPDATA%\Isass.exe'
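- '<SYSTEM32>\cmd.exe' /C echo. > "%APPDATA%\Isass.exe":Zone.Identifier (команда перезаписывает альтернативный поток данных Zone.Identifier, то есть затирает сведения о зоне, из которой был получен файл)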
- %APPDATA%\Isass.exe
- %APPDATA%\07E721AE1943BE7380C25530D4BE8A21
- %APPDATA%\Isass.exe:Zone.Identifier
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\KHMHGZ4F\redpirate[1].php
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\U98D4X8H\google[1]
- %TEMP%\pdata.dat
- %TEMP%\aut1.tmp
- %TEMP%\aut2.tmp
- %TEMP%\delphi.dat
- %TEMP%\delphi.bin
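- %TEMP%\aut2.tmp
- %TEMP%\aut1.tmp (aut1.tmp и aut2.tmp перечислены повторно; заголовки разделов на странице не сохранились, поэтому по этому списку нельзя определить, создаются эти файлы или удаляются)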
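- 're####rdpirates.com':80 (здесь и ниже символы «#», по-видимому, заменяют скрытую при публикации часть имени узла, адреса и параметров запроса; полные значения на странице не приведены)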
- '74.##5.232.51':80
- http://re####rdpirates.com/redpirate.php?p=#################################################################################################################
- http://google.com/ via 74.##5.232.51
- DNS ASK re####rdpirates.com
- DNS ASK google.com