Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] 'AppInit_DLLs' = 'FdHiD.dll'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'FdRun' = '<SYSTEM32>\hrome.exe'
- <SYSTEM32>\hrome.exe
- <SYSTEM32>\cacls.exe "<SYSTEM32>\hrome.exe" /e /g Все:f
- <SYSTEM32>\cacls.exe "<SYSTEM32>\FdHiD.dll" /e /g Все:f
- <SYSTEM32>\cacls.exe "<SYSTEM32>\FdHiD.dll" /e /g All:f
- <SYSTEM32>\wscript.exe "<SYSTEM32>\1m531n5.vbs"
- <SYSTEM32>\cacls.exe "<SYSTEM32>\hrome.exe" /e /g All:f
- <SYSTEM32>\hrome.exe
- <SYSTEM32>\1m531n5.vbs
- <SYSTEM32>\hrome.exe
- <SYSTEM32>\FdHiD.dll
- <SYSTEM32>\1m531n5.vbs
- 'sm##.gmx.com':25
- '74.##5.232.51':80
- DNS ASK sm##.gmx.com
- DNS ASK www.google.com