Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'gymon' = '%WINDIR%\temp\201289191824.exe'
- %WINDIR%\Temp\201289191824.exe
- %WINDIR%\Temp\201289191822.exe
- <SYSTEM32>\Rgmrtky.cc3
- %TEMP%\sdinfo.tmp
- %WINDIR%\Temp\201289191822.exe
- %WINDIR%\Temp\201289191824.exe
- %WINDIR%\Temp\201289191824.exe
- 'ww##.#ikiplum.com':8888
- '98.##6.151.114':4474
- DNS ASK ww##.#ikiplum.com