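Техническая информация
Примечание: заголовки подразделов в этом фрагменте не сохранились. Ниже по порядку идут записи реестра, списки путей к файлам и сетевые адреса; по самому фрагменту нельзя определить, к какому действию (создание, запуск, удаление) относится каждый список файлов, поэтому повторяющиеся пути оставлены как есть.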
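- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'wextract_cleanup0' = 'rundll32.exe <SYSTEM32>\advpack.dll,DelNodeRunDLL32 "%TEMP%\IXP000.TMP\"'
  Примечание: параметр wextract_cleanup0 в RunOnce — стандартная запись самораспаковывающегося пакета IExpress (wextract), удаляющая временный каталог IXP000.TMP при следующей загрузке. Она встречается и у легитимных установщиков, поэтому сама по себе не является индикатором заражения.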
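- [<HKLM>\SYSTEM\ControlSet001\Services\Alertero_name] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\WinNati] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\WWNationaljrq] 'Start' = '00000002'
  Примечание: значение 'Start' = 2 задаёт автоматический запуск службы при загрузке системы, то есть эти три службы обеспечивают закрепление в системе. При проверке узла сверяйте также ветку CurrentControlSet\Services: номер ControlSetNNN на конкретной системе может отличаться.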
- '<SYSTEM32>\tgzbgg.exe'
- 'C:\wincw.exe'
- '<SYSTEM32>\gkmokq.exe'
- 'C:\Winwwb.exe'
- 'C:\Wixn.exe'
- 'C:\WSDI.exe'
- '<SYSTEM32>\mmucmg.exe'
- '%TEMP%\IXP000.TMP\Server1.exe'
- <SYSTEM32>\tgzbgg.exe
- <SYSTEM32>\mmucmg.exe
- <SYSTEM32>\gkmokq.exe
- %WINDIR%\Temp\Server.dll
- C:\Winwwb.exe
- C:\Wixn.exe
- C:\WSDI.exe
- C:\wincw.exe
- %TEMP%\IXP000.TMP\Server1.exe
- C:\Winwwb.exe
- C:\wincw.exe
- %TEMP%\IXP000.TMP\Server1.exe
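- 'any':8888
- 'any':8500
- 'any':76
- 'hg###.gicp.net':9527
- 'any':9527
  Примечание: 'any', по-видимому, означает, что адрес узла в отчёте не указан и зафиксирован только порт. Такие записи стоит использовать для поиска только вместе с другими признаками из этого списка, а не по номеру порта в отдельности.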
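- DNS ASK xi####ao.gnway.net
- DNS ASK hg###.gicp.net
  Примечание: символы '#' — маска, скрывающая часть имени, поэтому эти строки нельзя использовать для точного сопоставления. Зоны gicp.net и gnway.net принадлежат сервисам динамического DNS, так что IP-адрес за именем может меняться; отслеживать следует DNS-запросы к этим зонам, а не отдельные адреса.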