Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '54rk' = ''
- <SYSTEM32>\88c.mod applefalse
- <SYSTEM32>\tiantikle.exe
- <SYSTEM32>\veryhppy.exe
- <SYSTEM32>\cmd.exe /c updataself.bat
- dnf.exe
- <Текущая директория>\updataself.bat
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\city[1].asp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\city[2].asp
- <SYSTEM32>\tiantikle.exe
- <SYSTEM32>\88c42807.88c
- <SYSTEM32>\88c.mod
- <SYSTEM32>\veryhppy.exe
- <SYSTEM32>\tiantikle.exe
- <SYSTEM32>\veryhppy.exe
- '12#.#0.108.238':667
- 'ks#####wbdf.webok.net':1314
- 'localhost':1040
- 'localhost':1036
- 'ci##.ip138.com':80
- ci##.ip138.com/city.asp
- DNS ASK ks#####wbdf.webok.net
- DNS ASK ci##.ip138.com