Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'Explorer.exe rundll32.exe drhg.ipo iedtcbo'
- %TEMP%\DTAgent_loader_0.4.exe
- %TEMP%\svchost.exe
- <SYSTEM32>\drhg.ipo
- %TEMP%\dt_loader.ini
- %TEMP%\1.tmp
- %TEMP%\svchost.exe
- %TEMP%\DTAgent_loader_0.4.exe
- %TEMP%\svchost.exe
- 'ni###group.in':80
- ni###group.in/z/bb.php?v=#############################
- DNS ASK ni###group.in
- '<IP-адрес в локальной сети>':1036
- ClassName: 'Shell_TrayWnd' WindowName: ''