Техническая информация
Значения в ключе автозапуска Run реестра (ветка HKLM); все три указывают на исполняемые файлы в профиле пользователя:
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Control' = '%APPDATA%\Roaming\Control.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'update' = '%APPDATA%\Roaming\update.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Servicios' = '%APPDATA%\Roaming\Servicios.exe'
- '%APPDATA%\Roaming\Control.exe' %TEMP%\setup.exe
- '%TEMP%\setup.exe'
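Файлы в кэше Internet Explorer (Temporary Internet Files); их имена, по-видимому, соответствуют URL-адресам, перечисленным ниже:
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\data[1].php
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\YF7T7AK2\MZ%D1%92[1]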
- %APPDATA%\Roaming\Control.exe
- %TEMP%\setup.exe
- %TEMP%\setup.exe
- <DRIVERS>\etc\hosts
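Сетевые индикаторы: адреса (хост:порт), URL-адреса и DNS-запросы; символы # в доменных именах приведены как в источнике:
- 'www.im#.#aradura.us':80
- 'ge###tool.com':80
- 'localhost':50052
- www.im#.#aradura.us/imagenes/wallpaper/MZ?
- ge###tool.com/data.php
- DNS ASK www.im#.#aradura.us
- DNS ASK ge###tool.com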
- ClassName: 'EDIT' WindowName: '(null)'