Техническая информация
Записи службы Windows (значение 'Start' = 2 означает автоматический запуск при загрузке системы):
- [<HKLM>\System\CurrentControlSet\Services\15544] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\15544] 'ImagePath' = '%WINDIR%\system\155447.exe'
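Запись в списке приложений, разрешённых брандмауэром Windows (имя параметра '\' выглядит обрезанным):
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '\' = '%WINDIR%\system\155447.exe:*:Enabled:KL'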
Ключи реестра сторонних программ (FTP-клиент CuteFTP, почтовый клиент The Bat!); значения не приведены, вероятно, это обращение к сохранённым настройкам и учётным данным:
- [<HKCU>\Software\GlobalSCAPE\CuteFTP 6 Professional\QCToolbar]
- [<HKCU>\Software\GlobalSCAPE\CuteFTP 6 Home\QCToolbar]
- [<HKCU>\Software\GlobalSCAPE\CuteFTP 7 Professional\QCToolbar]
- [<HKCU>\Software\GlobalSCAPE\CuteFTP 7 Home\QCToolbar]
- [<HKCU>\Software\GlobalSCAPE\CuteFTP 8 Professional\QCToolbar]
- [<HKCU>\Software\GlobalSCAPE\CuteFTP 8 Home\QCToolbar]
- [<HKCU>\Software\RIT\The Bat!]
Файлы в каталоге %WINDIR% (последний путь совпадает со значением 'ImagePath' службы):
- %WINDIR%\web\result.dark
- %WINDIR%\web\ddid
- %WINDIR%\web\ddnm
- %WINDIR%\web\ddsn
- %WINDIR%\system\155447.exe
Сетевая активность (адрес и домены частично замаскированы символами '#'; 'DNS ASK' — DNS-запрос):
- '19#.#05.240.212':80
- DNS ASK di###0rk.net
- DNS ASK di###work.net
Командные строки запуска процесса:
- '%WINDIR%\system\155447.exe' /start
- '%WINDIR%\system\155447.exe'