Technical information
- [<HKLM>\SYSTEM\ControlSet001\Control\Session Manager] 'BootExecute' = ''
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'GlobalFlagimglog' = '<SYSTEM32>\imglog.exe'
- %ALLUSERSPROFILE%\Start Menu\Programs\Startup\win32.exe
- %WINDIR%\WindowsDefender.exe
- C:\win.log
- <SYSTEM32>\win32.exe
- %WINDIR%\ponto.DLL
- 'bn#.##gvelox.com':80
- 'www.iw##e.si':80
- http://bn#.##gvelox.com/php.php
- http://www.iw##e.si/media/send.php
- DNS ASK bn#.##gvelox.com
- DNS ASK www.iw##e.si
- ClassName: 'NDDEAgnt' WindowName: 'NetDDE Agent'