Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\Automatic Updat] 'Start' = '00000002'
- '%WINDIR%\Jeremiah.exe'
- '<SYSTEM32>\cmd.exe' /c %TEMP%\8931.bat
- '<SYSTEM32>\winlogon.exe' 1232
- %TEMP%\8931.bat
- %WINDIR%\Jeremiah.exe
- %TEMP%\72603.tmp
- %WINDIR%\Jeremiah.exe
- 'ba##.#ackroad.com':80
- ba##.#ackroad.com/baby.txt
- DNS ASK ba##.#ackroad.com