Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'ROI21' = '<SYSTEM32>\ROI21.exe'
- %WINDIR%\Temp\WUP2.tmp
- %WINDIR%\Temp\WUP1.tmp
- <SYSTEM32>\kem21.ini
- %WINDIR%\Temp\WUP2.tmp в <SYSTEM32>\kl2.kdb
- %WINDIR%\Temp\WUP1.tmp в <SYSTEM32>\kem21.ini
- 'ne###rch.co.kr':80
- http://ne###rch.co.kr/setup/21/kl2.kdb
- http://ne###rch.co.kr/setup/21/kem21.ini
- DNS ASK ne###rch.co.kr
- ClassName: 'Shell_TrayWnd' WindowName: ''