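Техническая информация
Примечание: символы «#» в именах доменов и в строке запроса — это маскировка, часть символов скрыта. Такие записи нельзя использовать как точные индикаторы; сопоставлять их следует по видимым фрагментам (например, по пути /ico/gate.php).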
- Запись в ключе автозапуска Run (указанная программа запускается при входе пользователя в систему): [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'admin.exe' = '%APPDATA%\admin.exe'
- <SYSTEM32>\cmd.exe /c "%APPDATA%\del.bat "
- %WINDIR%\Explorer.EXE
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\gate[1].php
- %APPDATA%\del.bat
- %APPDATA%\admin.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\gate[1].php
- 'fo####ugingreen.in':80
- 'pu###nsgopa.in':80
- 'mi####kitools.in':80
- 'kr###doping.in':80
- 'kj###rwer.in':80
- fo####ugingreen.in/ico/gate.php?ge###################
- pu###nsgopa.in/ico/gate.php?ge###################
- mi####kitools.in/ico/gate.php?ge###################
- kr###doping.in/ico/gate.php?ge###################
- kj###rwer.in/ico/gate.php?ge###################
- DNS ASK mi####kitools.in
- DNS ASK fo####ugingreen.in
- DNS ASK pu###nsgopa.in
- DNS ASK kr###doping.in
- DNS ASK kj###rwer.in
- '<IP-адрес в локальной сети>':1037
- ClassName: 'Indicator' WindowName: ''