Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'Explorer.exe svchostw.exe'
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\suc[1].php
- <SYSTEM32>\svchostw.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\suc[1].php
- 'zx####tportal.com':80
- 'f-####oftportal.com':80
- zx####tportal.com/suc.php
- f-####oftportal.com/suc.php
- DNS ASK zx####tportal.com
- DNS ASK f-####oftportal.com
- '<IP-адрес в локальной сети>':1035