Техническая информация
- '%TEMP%\2d392.tmp'
- %TEMP%\31f8f.exe
- <Полный путь к вирусу>
- %TEMP%\2d392.tmp
- 'wi####faster.co.kr':80
- 'up####.nkdb.co.kr':80
- wi####faster.co.kr/settle.php?st#####################################
- up####.nkdb.co.kr/version/except/excp_com
- DNS ASK wi####faster.co.kr
- DNS ASK up####.nkdb.co.kr
- ClassName: '#32770' WindowName: 'windowfaster'