Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Window Update' = '%WINDIR%\wupdate.exe'
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\lenh[1].txt
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\lenh[1].txt
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\trojan[1].txt
- %WINDIR%\wupdate.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\lenh[1].txt
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\lenh[1].txt
- 'in####vang.com.vn':80
- 'lo##.#hatnghe.vn':80
- in####vang.com.vn/lenh.txt
- lo##.#hatnghe.vn/trojan.txt
- DNS ASK in####vang.com.vn
- DNS ASK lo##.#hatnghe.vn