Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'gtydf' = 'iisca.exe'
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\inf[1].txt
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\late[1].txt
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\inf2[1].txt
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\info[1].txt
- <SYSTEM32>\iisca.exe
- <DRIVERS>\qias.tx
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\more[1].txt
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\late[1].txt
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\inf2[1].txt
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\inf[1].txt
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\more[1].txt
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\info[1].txt
- 're####eforlife.com':80
- 'ho###anor.com':80
- 'ca###uk.co.uk':80
- 'st######ningservice.com.au':80
- 'in######iprojects.com.au':80
- 'in###ech.net':80
- re####eforlife.com/images/inf.txt
- ho###anor.com/images/late.txt
- ca###uk.co.uk/inf2.txt
- st######ningservice.com.au/images/more.txt
- in######iprojects.com.au/images/more.txt
- in###ech.net/images/buttons/info.txt
- DNS ASK re####eforlife.com
- DNS ASK ho###anor.com
- DNS ASK ca###uk.co.uk
- DNS ASK st######ningservice.com.au
- DNS ASK in######iprojects.com.au
- DNS ASK in###ech.net