Technical information
- <SYSTEM32>\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run /V "SystemService" /D ""%TEMP%\gbot\svchost.exe"" /F
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\getcmd[1].php
- %TEMP%\bc
- %TEMP%\gbot\svchost.exe
- %TEMP%\bc
- 'te##.#ocaldomain':80
- te##.#ocaldomain/getcmd.php?ui###############
- DNS ASK te##.#ocaldomain