Техническая информация
Автозапуск (запись в реестре):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'MultiAddress.exe' = '%PROGRAM_FILES%\\MulAdreess\MultiAddress.exe'
Процессы и командные строки:
- '%PROGRAM_FILES%\MulAdreess\MultiAddress.exe'
- '%PROGRAM_FILES%\MulAdreess\MultiAddress.exe' (загружен из сети Интернет)
- '<SYSTEM32>\schtasks.exe' /create /sc onlogon /tn "" /tr "\"%PROGRAM_FILES%\\MulAdreess\MultiAddress.exe"\" /rl highest
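Окна средств мониторинга и отладки (ClassName / WindowName); такой набор характерен для проверки на наличие инструментов анализа:
- ClassName: '' WindowName: 'Process Monitor - Sysinternals: www.sysinternals.com'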
- ClassName: 'PROCMON_WINDOW_CLASS' WindowName: ''
- ClassName: '' WindowName: 'Registry Monitor - Sysinternals: www.sysinternals.com'
- ClassName: 'RegmonClass' WindowName: ''
- ClassName: '' WindowName: 'File Monitor - Sysinternals: www.sysinternals.com'
- ClassName: 'GBDYLLO' WindowName: ''
- ClassName: 'OLLYDBG' WindowName: ''
- ClassName: 'FilemonClass' WindowName: ''
- ClassName: 'pediy06' WindowName: ''
Файлы:
- <SYSTEM32>\asupk3.exe
- %PROGRAM_FILES%\MulAdreess\uninstall_MultiAddress.exe
- %PROGRAM_FILES%\MulAdreess\MultiAddress.exe
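Сетевая активность (часть символов в домене и параметрах запроса замаскирована знаком «#», поэтому значения нельзя использовать как точные индикаторы):
- 'bl#.pe.kr':80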
- bl#.pe.kr/pgm2/uninstall_MultiAddress.exe
- bl#.pe.kr/pgm2/install_aaa.exe
- bl#.pe.kr/_adm/ctrl/info_bl2.php
- bl#.pe.kr/pgm2/MultiAddress.exe
- bl#.pe.kr/_adm/ctrl/sq_bl2.php?m=###################
- DNS ASK bl#.pe.kr
Прочие окна (ClassName / WindowName):
- ClassName: 'MS_WINHELP' WindowName: ''
- ClassName: '18467-41' WindowName: ''