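Техническая информация
Примечание: символ «#» в сетевых адресах ниже — маска, скрывающая часть имени в отчёте (в именах узлов он недопустим), поэтому такие строки не подходят для точного сопоставления в правилах обнаружения.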
- Автозапуск при входе пользователя (ключ реестра Run): [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'agpsvc' = '<SYSTEM32>\AGPSVCS.EXE'
- %TEMP%\Updater.exe
- <SYSTEM32>\AGPSVCS.EXE
- %TEMP%\Binder.exe
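- Запуск команды (tskill завершает процесс с указанным именем): <SYSTEM32>\tskill.exe liveplus
- Запуск команды (cmd.exe выполняет пакетный файл): <SYSTEM32>\cmd.exe /c ""%HOMEPATH%\Local Settings\deleteme.bat" "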
- <SYSTEM32>\AGPSVCS.EXE
- %HOMEPATH%\Local Settings\deleteme.bat
- %TEMP%\Binder.exe
- %TEMP%\Updater.exe
- %TEMP%\Binder.exe
- %TEMP%\Updater.exe
- Подключение к узлу, порт 80: 'www.cl###monster.kr':80
- Подключение к узлу, порт 80: 'www.sd###s5h.asia':80
- Запрос по URL: www.cl###monster.kr/control/control_delete.php?pt###################
- Запрос по URL: www.sd###s5h.asia/list/5h.TXT
- DNS ASK www.cl###monster.kr
- DNS ASK www.sd###s5h.asia
- ClassName: 'Indicator' WindowName: ''