Техническая информация
Значения в ключах автозапуска реестра (Run, RunServices):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] 'Adiliwut' = 'ihotunib.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Adiliwut' = 'ihotunib.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'fasdqwdwq' = 'C:\WINNT\SYSTEM32\ikusefote.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Adiliwut' = 'ihotunib.exe'
- <SYSTEM32>\ihotunib.exe
- C:\WINNT\SYSTEM32\imaxavos.exe
- C:\WINNT\SYSTEM32\ikusefote.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\b[1].php1134
- C:\gadfgds
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\b[1].php
- C:\WINNT\SYSTEM32\imaxavos.exe
- C:\WINNT\SYSTEM32\ikusefote.exe
- <SYSTEM32>\ihotunib.exe
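Сетевые индикаторы: адреса (хост:порт), URL и DNS-запрос. Символы # скрывают часть адреса, поэтому для точного сопоставления эти значения непригодны.
- '69.##.235.226':80
- 'fb####.dynalias.net':80
- 'localhost':1036
- '20#.#3.55.28':9000
- fb####.dynalias.net/b.php?11##
- 69.##.235.226/b.php1134
- DNS ASK fb####.dynalias.net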
- ClassName: 'Indicator' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''