Техническая информация
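- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'autoauto' = '20676352.bat'
  (Автозапуск: параметр в ключе Run запускает пакетный файл 20676352.bat при входе пользователя в систему; файл с таким именем указан ниже в каталоге <SYSTEM32>.)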
- 'C:\a\internetport3.exe'
- '<SYSTEM32>\taskkill.exe' /im chrome.exe
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings] 'ProxyOverride' = '<-loopback>'
- [<HKLM>\SYSTEM\ControlSet001\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings] 'ProxyEnable' = '00000001'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings] 'ProxyEnable' = '00000001'
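- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings] 'ProxyServer' = 'http=127.0.0.1:8877;https=127.0.0.1:8877;'
  (Значения ProxyEnable и ProxyServer включают системный прокси и направляют HTTP- и HTTPS-трафик на локальный адрес 127.0.0.1:8877. В списке файлов ниже есть FiddlerCore.dll, а среди сетевых подключений — 'localhost':8877, что, вероятно, указывает на локальный перехватывающий прокси. При проверке системы стоит сверить значения ProxyEnable, ProxyServer и ProxyOverride с ожидаемыми.)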
- C:\a\ver.ini
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\ver5[1].ini
- C:\a\.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\20676352-19405391-48121423-404112-[1].exe
- C:\a\internetport3.exe
- C:\a\19405391.bat
- C:\a\48121423.zip
- C:\a\FiddlerCore.dll
- <SYSTEM32>\20676352.bat
- 'wp#d':80
- 'localhost':8877
- 'do###.dotdo.net':80
- do###.dotdo.net/act/exes4/20676352-19405391-48121423-404112-.exe
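- wp#d/wpad.dat
  (Запрос wpad.dat, по-видимому, относится к автоматическому обнаружению прокси (WPAD) и может исходить от самой системы, поэтому как индикатор он менее надёжен, чем обращения к do###.dotdo.net. Символы «#» в именах узлов и параметрах, вероятно, скрывают часть исходного значения.)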
- do###.dotdo.net/act/ver5.ini?v=######
- DNS ASK wp#d
- DNS ASK do###.dotdo.net
- ClassName: '#32770' WindowName: '(null)'
- ClassName: '(null)' WindowName: '(null)'
- ClassName: 'Chrome_WidgetWin_0' WindowName: '(null)'