Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'winupdate' = '<SYSTEM32>\smass.exe'
- <SYSTEM32>\smass.exe
- <SYSTEM32>\umm\cmd.sys
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\request[2].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\request[1].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\request[1].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\request[1].php
- <SYSTEM32>\smass.exe
- <SYSTEM32>\umm\keylog.txt
- <SYSTEM32>\umm\online.sys
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\request[1].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\request[1].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\request[1].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\request[1].php
- <SYSTEM32>\umm\online.sys
- <SYSTEM32>\umm\cmd.sys
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\request[2].php
- 'al##007.com':80
- 'localhost':1035
- al##007.com/ahs/request.php?do#####################################################
- al##007.com/ahs/request.php?do############################
- al##007.com/ahs/request.php?do######################################################
- DNS ASK al##007.com