Техническая информация
- [<HKLM>\Software\Microsoft\Windows\CurrentVersion\Run] 'Windows' = '%APPDATA%\system32\winlogon.exe'
- %TEMP%\1192.exe
- %TEMP%\builded.exe
- %TEMP%\stub1.exe
- %APPDATA%\system32\winlogon.exe
- %APPDATA%\system32\set.bin
- C:\users\public\strt.bat
- http://re######.ngz-gameserver.de/index.html
- http://an#####net.an.funpic.de/Webpanel/ip.php
- http://an#####net.an.funpic.de/Webpanel/connect.php
- DNS ASK an#####net.an.funpic.de
- DNS ASK im####aster.co.cc
- DNS ASK re######.ngz-gameserver.de
- '%TEMP%\1192.exe'
- '%TEMP%\builded.exe'
- '%TEMP%\stub1.exe'
- '%APPDATA%\system32\winlogon.exe'
- '<SYSTEM32>\cmd.exe' /c C:\Users\Public\strt.bat (со скрытым окном)
- '<SYSTEM32>\rundll32.exe' <SYSTEM32>\FirewallControlPanel.dll,ShowNotificationDialog /configure /ETOnly 0 /OnProfiles 6 /OtherAllowed 0 /OtherBlocked 0 /OtherEdgeAllowed 0 /NewBlocked 4 "%APPDATA%\system32\winlogon.exe"
- '<SYSTEM32>\cmd.exe' /c C:\Users\Public\strt.bat