Техническая информация
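- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run] 'sqlwriter' = '"<LS_APPDATA>\sqlwriter.exe"' (параметр в ключе автозапуска Run: указанный файл запускается автоматически при входе пользователя в систему; имя sqlwriter.exe совпадает с именем легитимной службы Microsoft SQL Server VSS Writer, поэтому при проверке следует ориентироваться на путь к файлу, а не на его имя)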
- <LS_APPDATA>\ziptmp.zip
- %TEMP%\Temporary Directory 1 for ziptmp.zip\sqlwriter.exe
- <LS_APPDATA>\sqlwriter.exe
- <LS_APPDATA>\ziptmp.zip
- '20#.#6.232.182':80
- '<LOCALNET>.0.236':2318
- 'ae#1.tk':2318
- 'ae#2.tk':2318
- 'ae#3.tk':2318
- 'ae#4.tk':2318
- 'ae#5.tk':2318
- 'ae#6.tk':2318
- 'ae#7.tk':2318
- 'ae#8.tk':2318
- DNS ASK www.microsoft.com
- DNS ASK ae#1.tk
- DNS ASK ae#2.tk
- DNS ASK ae#3.tk
- DNS ASK ae#4.tk
- DNS ASK ae#5.tk
- DNS ASK ae#6.tk
- DNS ASK ae#7.tk
- DNS ASK ae#8.tk
- '<LS_APPDATA>\sqlwriter.exe'