Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'xepwfkwhbdi' = '"%WINDIR%\qeijdsfhst.exe"'
- <LS_APPDATA>\qeijdsfhst.exe
- %WINDIR%\qeijdsfhst.exe
- <SYSTEM32>\ping.exe -n 1 localhost
- <SYSTEM32>\cmd.exe /c ""<Текущая директория>\melt.bat" "
- <LS_APPDATA>\qeijdsfhst.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\bot[1].htm
- %WINDIR%\qeijdsfhst.exe
- <Текущая директория>\melt.bat
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\bot[1].htm
- <LS_APPDATA>\qeijdsfhst.exe
- %WINDIR%\qeijdsfhst.exe
- 'fa##link.su':80
- fa##link.su/qwer/Panel/bot.php
- DNS ASK fa##link.su