Техническая информация
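- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Microsoft Updater GPI' = '%TEMP%\GPIupdater.exe' (автозапуск при входе пользователя в систему: имя значения имитирует компонент обновления Microsoft, а сам исполняемый файл находится во временном каталоге)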
- %TEMP%\BotnetSnake.exe
- %TEMP%\winlogon.exe
- %TEMP%\plUFq.exe
- <SYSTEM32>\notepad.exe
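- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES2.tmp" "%TEMP%\CSC1.tmp"
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\csc.exe /noconfig /fullpaths @"%TEMP%\ilhyqfsh.cmdline"
  (cvtres.exe и csc.exe — штатные утилиты .NET Framework; судя по файлам ilhyqfsh.cmdline и ilhyqfsh.0.cs в %TEMP%, исходный код на C# компилируется непосредственно во время работы образца)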
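- ClassName: 'OLLYDBG' WindowName: ''
- ClassName: 'FileMonClass' WindowName: ''
  (OLLYDBG — класс окна отладчика OllyDbg, FileMonClass — класс окна утилиты Filemon; обращение к таким классам окон обычно означает проверку на наличие средств анализа)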
- %TEMP%\winlogon.exe
- %TEMP%\GPIupdater.exe
- %TEMP%\BotnetSnake.exe
- %TEMP%\217E3.dmp
- %TEMP%\dw.log
- %TEMP%\plUFq.exe
- %TEMP%\ilhyqfsh.cmdline
- %TEMP%\ilhyqfsh.0.cs
- %TEMP%\ilhyqfsh.out
- %TEMP%\RES2.tmp
- %TEMP%\CSC1.tmp
- %TEMP%\ilhyqfsh.out
- %TEMP%\ilhyqfsh.cmdline
- %TEMP%\ilhyqfsh.0.cs
- %TEMP%\RES2.tmp
- %TEMP%\CSC1.tmp
- 'localhost':1604
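- 'bo#####lients.zapto.org':1604
- DNS ASK bo#####lients.zapto.org
  (часть имени узла в источнике скрыта символами «#»; zapto.org — домен службы динамического DNS, поэтому IP-адрес за этим именем может меняться)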
- '<IP-адрес в локальной сети>':1035
- ClassName: 'Indicator' WindowName: ''
- ClassName: '18467-41' WindowName: ''