Technical information
- '%PROGRAM_FILES%\Windows NT\Accessories\Microsoft\msxml.exe' "<Full path to virus>"
- %APPDATA%\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Message.lnk
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\hview[1].php
- %PROGRAM_FILES%\Windows NT\Accessories\Microsoft\msxml.exe
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\hview[1].php
- 'co###.yukiheya.com':80
- co###.yukiheya.com/ems/hview.php?rd###################
- DNS ASK co###.yukiheya.com