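Техническая информация
Подзаголовки разделов в этой выдержке не сохранились; по содержанию строк ниже идут: запись в ключ автозапуска реестра (Run), командные строки запускаемых процессов, пути к файлам на диске (создаются они или удаляются — из выдержки не видно), сетевые соединения (хост:порт), HTTP-запросы, DNS-запросы и класс окна. Символы «#» в именах хостов и URL — маскировка из исходного текста, поэтому эти записи нельзя использовать как готовые индикаторы для блокировки. Имена файлов pddpmyw.dll и pvbcyqx.bat выглядят случайно сгенерированными (предположение); для обнаружения, вероятно, надёжнее опираться на параметр автозапуска 'TcpIpCfg' и запуск rundll32.exe с DLL из %APPDATA% и экспортом MainThread.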
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'TcpIpCfg' = 'Rundll32 "%APPDATA%\pddpmyw.dll" MainThread'
- '<SYSTEM32>\cmd.exe' /c pvbcyqx.bat
- '<SYSTEM32>\rundll32.exe' "%APPDATA%\pddpmyw.dll" MainThread
- %APPDATA%\ini.ini
- <Текущая директория>\pvbcyqx.bat
- %APPDATA%\pddpmyw.dll
- 'www.ji###ng169.jp':80
- 'www.to###i002.com':80
- 'pr#####.hatena.ne.jp':80
- 'localhost':1042
- www.ji###ng169.jp/2.jpg?cv#####
- www.to###i002.com/getp.asp?MA################################
- pr#####.hatena.ne.jp/kakakukaka/
- pr#####.hatena.ne.jp/fgjkiuii888/
- DNS ASK www.ji###ng169.jp
- DNS ASK www.to###i002.com
- DNS ASK pr#####.hatena.ne.jp
- ClassName: 'Indicator' WindowName: ''