Technical information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'gjhax_16.exe' = '%APPDATA%\U19iXk9iVWNVYmZV\gjhax_16.exe'
- hidden files
- '%APPDATA%\U19iXk9iVWNVYmZV\gjhax_16.exe'
- '%APPDATA%\U19iXk9iVWNVYmZV\gjhax_16.exe'
- '<SYSTEM32>\ping.exe' 127.0.0.1 -n 3
- '<SYSTEM32>\notepad.exe' %TEMP%\outlook.txt
- '%TEMP%\oulooktools.exe'
- '%ProgramFiles%\Internet Explorer\IEXPLORE.EXE'
- '<SYSTEM32>\cmd.exe'
- %APPDATA%\U19iXk9iVWNVYmZV\gjhax_16.exe
- %TEMP%\oulooktools.exe
- %APPDATA%\U19iXk9iVWNVYmZV\gjhax_16.exe
- %TEMP%\oulooktools.exe
- 'en#####marikonne.bit':80
- http://en#####marikonne.bit/temp/897f56909a/94un03fckb/7md6hrg15e/chat.php
- DNS ASK ns#.###.dns.d0wn.biz
- DNS ASK ns#.###dom.dns.d0wn.biz
- DNS ASK en#####marikonne.bit
- DNS ASK ns.##tbit.me
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'Indicator' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'EDIT' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''