Техническая информация
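- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,<SYSTEM32>\prints.exe,' (в параметр Userinit после штатного userinit.exe дописан <SYSTEM32>\prints.exe, поэтому он запускается при каждом входе пользователя в систему; при проверке системы любое дополнительное значение в этом параметре, кроме userinit.exe, является признаком заражения)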
- %WINDIR%\Explorer.EXE
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\CRNJEUFU-680f[1]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\CRNJEUFU-680f[1]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\CRNJEUFU-680f[1]
- <SYSTEM32>\packet64.dll
- <SYSTEM32>\prints.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\CRNJEUFU-680f[1]
- 'ze##.#kypetm.com.tw':8080
- '11#.#0.221.126':80
- '11#.#0.221.126':8080
- 'an##.#kypetm.com.tw':80
- 'an##.#kypetm.com.tw':8080
- 'ze##.#kypetm.com.tw':80
- 11#.#0.221.126/FC001/CRNJEUFU-680f
- ze##.#kypetm.com.tw/FC001/CRNJEUFU-680f
- an##.#kypetm.com.tw/FC001/CRNJEUFU-680f
- DNS ASK ze##.#kypetm.com.tw
- DNS ASK an##.#kypetm.com.tw