Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'winupdate1' = '"<LS_APPDATA>/winupdate1.exe"'
- <LS_APPDATA>\p2.txt
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\YIF7DGLM\p2[1].txt
- <LS_APPDATA>\winupdate1.exe
- 'www.cl#####obrakolping.com':80
- 'www.mt#####solutions.com':80
- 'www.go###e.com.br':80
- www.cl#####obrakolping.com/p2.txt
- www.mt#####solutions.com/sita/index.php/sita/GravarInfoUpdate
- DNS ASK www.cl#####obrakolping.com
- DNS ASK www.mt#####solutions.com
- DNS ASK www.go###e.com.br
- ClassName: 'Indicator' WindowName: ''