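Техническая информация
Примечание: заголовки разделов в этой выдержке, по-видимому, не сохранились; ниже подряд перечислены записи реестра, командные строки процессов, файлы, сетевые обращения и окно. Символ «#» в сетевых адресах, судя по всему, заменяет часть знаков (маскирование), поэтому такие значения не являются точными индикаторами и требуют сверки с первоисточником. Имя filename.exe, вероятно, условное обозначение файла образца.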
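Записи в ключах автозапуска Run (значение 'Update' указывает на исполняемый файл на рабочем столе пользователя):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Update' = '%HOMEPATH%\Desktop\filename.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Update' = '%HOMEPATH%\Desktop\filename.exe'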
- '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\vbc.exe' -f "%TEMP%\eySQ.txt"
- '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\vbc.exe' -f "%TEMP%\kGPOlt.txt"
- '%HOMEPATH%\Desktop\filename.exe'
- '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\vbc.exe' -f "%TEMP%\uOTBL.txt"
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\vbc.exe
Ключи реестра, в которых мессенджеры и почтовые клиенты хранят данные учётных записей (судя по составу списка, образец обращается к ним в поисках сохранённых учётных данных):
- [<HKCU>\Software\IMVU\username]
- [<HKCU>\Software\Paltalk]
- [<HKCU>\Software\Yahoo\pager]
- [<HKCU>\Software\IMVU\password]
- [<HKCU>\Software\America Online\aim6\Passwords]
- [<HKCU>\Software\Microsoft\Internet Account Manager\Accounts]
- [<HKCU>\Software\Microsoft\Office\Outlook\OMI Account Manager\Accounts]
- [<HKCU>\Software\Google\Google Talk\Accounts]
- [<HKCU>\Software\Microsoft\Windows Live Mail]
- %TEMP%\eySQ.txt
- %TEMP%\kGPOlt.txt
- %TEMP%\uOTBL.txt
- %HOMEPATH%\Desktop\filename.exe
- %TEMP%\7vVZVju.bmp
- %TEMP%\kGPOlt.txt
- %TEMP%\eySQ.txt
- %TEMP%\uOTBL.txt
- 'co####xsoftware.com':80
- 'wp#d':80
- http://co####xsoftware.com/geoip/geoip.php
- http://11#.#11.111.1/wpad.dat via wp#d
- DNS ASK co####xsoftware.com
- DNS ASK wp#d
- ClassName: 'Indicator' WindowName: ''