Technical information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'hivew' = '<SYSTEM32>\rundll32.exe %TEMP%\2516872438don.dll,Set1'
- <SYSTEM32>\cmd.exe /c ""%TEMP%\d.bat" "
- <SYSTEM32>\rundll32.exe %TEMP%\2516872438don.dll,Set1
- %TEMP%\3.log
- %TEMP%\d.bat
- %TEMP%\2516872438don.dll
- 'pc.##bbne.cn':80
- 'www.ff###ame.com':80
- pc.##bbne.cn/tti.txt
- www.ff###ame.com/xzz/get.asp
- DNS ASK pc.##bbne.cn
- DNS ASK www.ff###ame.com
- ClassName: 'Indicator' WindowName: ''