Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Taskman' = '%APPDATA%\vfbu.exe'
- %WINDIR%\Explorer.EXE
- iexplore.exe
- ClassName: 'PROCMON_WINDOW_CLASS' WindowName: ''
- ClassName: 'RegMonClass' WindowName: ''
- ClassName: 'FileMonClass' WindowName: ''
- %APPDATA%\vfbu.exe
- %TEMP%\B42CE9E6.TMP
- %APPDATA%\vfbu.exe
- 'a.####fftube.com.ua':443
- DNS ASK up####windows.net
- DNS ASK a.####fftube.com.ua
- DNS ASK li####dates2000.com
- ClassName: 'Progman' WindowName: ''