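Техническая информация
Примечание: символы «#» в IP-адресе и именах доменов ниже, судя по всему, заменяют скрытые в отчёте символы, поэтому эти значения не годятся для точного сопоставления индикаторов. Строки «????????????» в именах окон, по-видимому, остались от символов не из набора ASCII, утраченных при перекодировке.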
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'GGGG' = '<SYSTEM32>\GKCE011F9.exe'
- '<SYSTEM32>\GKCE011F9.exe'
- '<SYSTEM32>\cmd.exe' /c %TEMP%\6089764A.bat
- %TEMP%\6089764A.bat
- <SYSTEM32>\GKCE011F9.exe
- 'localhost':6668
- '21#.#3.211.228':808
- DNS ASK tz#####.YOUAREGRATES.COM
- DNS ASK tz####e.SEASKS.COM
- DNS ASK tz#####.VODAFANS.COM
- DNS ASK tz#####.ADOCONNECT.COM
- DNS ASK tz####e.WKAKK.COM
- DNS ASK tz####e.WEBKEKE.COM
- DNS ASK tz####e.BUILC.COM
- DNS ASK tz####e.TWOTWOC.COM
- DNS ASK tz#####.GAMEWOLFS.COM
- DNS ASK tz#####.SEARCHFORW.COM
- DNS ASK tz#####.CHEKFILES.COM
- 'tz####e.twotwoc.com':0
- ClassName: 'ThunderRT6FormDC' WindowName: '????????????'
- ClassName: '(null)' WindowName: '???????????? '
- ClassName: '(null)' WindowName: 'GG_FG_WND'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'