Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Window modus' = '%ALLUSERSPROFILE%\Application Data\Window modus\Window modus.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\WindowmodusUpdateService] 'Start' = '00000002'
- '<SYSTEM32>\sc.exe' start WindowmodusUpdateService
- C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\CJCTQ25G\Windowmodus[1].exe
- %ALLUSERSPROFILE%\Application Data\Window modus\Window modus.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\ServiceReport[1].php
- C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\CJCTQ25G\ServiceReport[1].php
- 'localhost':1039
- 'di####keyword.co.kr':80
- 'localhost':1036
- di####keyword.co.kr/update/Windowmodus.exe
- di####keyword.co.kr/daemon/ServiceReport.php?m=################
- di####keyword.co.kr/daemon/ServiceReport.php?m=###################
- DNS ASK di####keyword.co.kr