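Техническая информация
Примечание: подзаголовки разделов в этом списке, по-видимому, утрачены при извлечении текста, поэтому повторяющиеся пути (например, <SYSTEM32>\rat.exe), вероятно, относятся к разным разделам исходного описания. Символы «#» в именах узлов и в параметре запроса маскируют часть значения, поэтому такие записи не подходят как индикаторы для точного совпадения.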
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'load32' = '<SYSTEM32>\winldra.exe'
- <SYSTEM32>\rat.exe
- %WINDIR%\ installer.exe
- <SYSTEM32>\regsvr32.exe /s <SYSTEM32>\appwiz.dll
- %WINDIR%\prntsvra.dll
- %WINDIR%\dvpd.dll
- %WINDIR%\Temp\fe43e701.htm
- <SYSTEM32>\info.txt
- <SYSTEM32>\appwiz.dll
- <SYSTEM32>\rat.exe
- %WINDIR%\ installer.exe
- %WINDIR%\winsms.dll
- %WINDIR%\netdx.dat
- <SYSTEM32>\winldra.exe
- 'ft#.#arod.ru':21
- 'be###ank.com':80
- be###ank.com/old-php/var/botnet/SCRIPT/logger.php?p=###########################################################################
- be###ank.com/old-php/var/botnet/SCRIPT/logger.php
- DNS ASK ft#.#arod.ru
- DNS ASK be###ank.com
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: '' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''