Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Update' = '%HOMEPATH%\getting32.exe -ns'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Update' = '%HOMEPATH%\getting32.exe -ns'
- '%HOMEPATH%\getting32.exe'
- '<SYSTEM32>\netsh.exe' firewall add portopening TCP 80 HTTP
- %HOMEPATH%\getting32.exe
- 'no###ad.h18.ru':80
- no###ad.h18.ru/write.php
- DNS ASK no###ad.h18.ru
- ClassName: 'Indicator' WindowName: ''
- ClassName: 'TForm1' WindowName: 'Update'