Technical information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'DateChange' = '%APPDATA%\DateChange\DateChange.exe'
- DateChange.exe
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\KHMHGZ4F\gate[1].htm
- %APPDATA%\DateChange\DateChange.exe
- '18#.#2.189.134':80
- http://18#.#2.189.134/website/gate.php
- '%APPDATA%\DateChange\DateChange.exe'
- '<Full path to file>'