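Техническая информация
Примечание: символы «#» в IP-адресах ниже, по-видимому, заменяют скрытые цифры, поэтому эти записи нельзя напрямую использовать для сопоставления или блокировки. Судя по повторяющимся путям, список состоял из нескольких групп, подзаголовки которых на странице не сохранились. Запись в ключе Run ветки HKCU означает автозапуск %APPDATA%\KB01321295.exe при входе пользователя в систему.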
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'KB01321295.exe' = '"%APPDATA%\KB01321295.exe"'
- %APPDATA%\KB01321295.exe
- <SYSTEM32>\cscript.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\in[1].htm
- %TEMP%\exp1.tmp.bat
- %APPDATA%\KB01321295.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\in[1].htm
- '18#.#0.0.138':8080
- '21#.#7.171.186':8080
- '41.##8.5.140':8080
- '21#.#4.197.66':8080
- '18#.#06.189.124':8080
- '95.##2.167.193':8080
- '91.##1.103.143':8080
- '11#.#11.111.1':80
- '20#.#69.13.84':8080
- '18#.#35.150.72':8080
- '85.##4.204.32':8080
- '21#.#6.23.100':8080
- '19#.#1.107.70':8080
- '12#.#9.103.198':8080
- '97.##.75.172':8080
- '21#.#4.250.173':8080
- DNS ASK 91.###.154.199 8080
- ClassName: 'Indicator' WindowName: ''