Техническая информация
Записи реестра в местах автозапуска (ключ Run и параметр StubPath в Active Setup):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'XXX_252CB07B' = '%WINDIR%\GTFA889AE\system32.exe'
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{12d6f312-b0f6-11d0-94ab-0080c74c7e95}] 'StubPath' = '"%WINDIR%\GTFA889AE\system32.exe" /AX'
Командные строки процессов:
- '%WINDIR%\GTsystem.sys' "/Network" "%WINDIR%\GTFA889AE\system32.exe"
- '%WINDIR%\GTFA889AE\system32.exe'
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\Temp0.bat" "
Пути к файлам (тип операции в списке не указан):
- %WINDIR%\GTsystem.KInf
- %TEMP%\Temp0.bat
- %WINDIR%\GTFA889AE\system32.exe
- %WINDIR%\GTsystem.sys
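Сетевые адреса в формате «узел:порт» (символы «#», по-видимому, скрывают часть значения, поэтому для точного сопоставления эти строки не годятся):
- 'ip#.##t.gg-team.net':9910
- '17#.#39.217.151':9910
- 'sh#####1004.gnway.net':9910
- 'gg####2024.gnway.cc':9910
- 'gg####2014.vicp.cc':9910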
- DNS ASK sh#####1004.gnway.net
- DNS ASK ip#.##t.gg-team.net
- DNS ASK gg####2024.gnway.cc
- DNS ASK gg####2014.vicp.cc