Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run] 'Policies' = '<SYSTEM32>\coredx10.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] 'Policies' = '<SYSTEM32>\coredx10.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Windows Security Center' = '<SYSTEM32>.exe'
- %HOMEPATH%\Start Menu\Programs\Startup\Windows Security Center.exe
- User Account Control (UAC)
- %TEMP%\Kor.dat
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\U98D4X8H\bind[1].ini
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\KHMHGZ4F\bind[1].ini
- <SYSTEM32>.exe
- <SYSTEM32>\coredx10.exe
- 'go#####analytics.com':80
- 'ga###deo.xyz':80
- http://ga###deo.xyz/conf/bind.ini
- http://www.go#####analytics.com/collect via go#####analytics.com
- DNS ASK www.go#####analytics.com
- DNS ASK ga###deo.xyz
- '<SYSTEM32>.exe'