Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'SasDirFly' = '%WINDIR%\PgHostGl.exe'
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\0D6B6PI5\check_keylogger_id[1].htm
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\ULU3YH2D\check_keylogger_id[1].htm
- %WINDIR%\PgHostGl.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\get_keylogger_data[1].htm
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\ULU3YH2D\check_keylogger_id[1].htm
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\0D6B6PI5\check_keylogger_id[1].htm
- 'www.he##t.com':80
- www.he##t.com/check_keylogger_id.php
- www.he##t.com/get_keylogger_data.php
- DNS ASK www.he##t.com