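Техническая информация
Примечание: символы «#» в именах узлов и адресах ниже, по-видимому, заменяют символы, скрытые при публикации; такие значения являются масками и не годятся для точного сопоставления индикаторов.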
- %HOMEPATH%\Start Menu\Programs\Startup\SidebarUpdater.lnk
- '' (загружен из сети Интернет)
- f.exe
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\KHMHGZ4F\PWD[1].jpg
- %TEMP%\gZt.exe
- %APPDATA%\gZtwDtVRWN.exe
- %TEMP%\contemp.exe
- %TEMP%\3.exe
- %TEMP%\aut1.tmp
- %TEMP%\f.exe
- %TEMP%\aut2.tmp
- %APPDATA%\gZtwDtVRWN.exe
- %TEMP%\f.exe
- %TEMP%\contemp.exe
- %APPDATA%\gZtwDtVRWN.exe
- %TEMP%\aut1.tmp
- %TEMP%\aut2.tmp
- %APPDATA%\gZtwDtVRWN.exe
- 'ap#.#pify.org':443
- 'sm##.gmail.com':587
- 'di####upload.site':80
- 'wp#d':80
- http://11#.#11.111.2/wpad.dat via wp#d
- http://di####upload.site/PWD.jpg
- DNS ASK ap#.#pify.org
- DNS ASK sm##.gmail.com
- DNS ASK di####upload.site
- DNS ASK wp#d
- '%TEMP%\gZt.exe'
- '%TEMP%\contemp.exe' all -oN
- '%TEMP%\3.exe'
- '%TEMP%\f.exe'
- '<SYSTEM32>\cmd.exe' /cEcho off & del /q %TEMP%\contemp.exe & Exit