Техническая информация
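- [<HKLM>\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command] '' = '"<LS_APPDATA>\kww.exe" -a "%PROGRAM_FILES%\Internet Explorer\iexplore.exe"' (значение по умолчанию команды запуска Internet Explorer из меню «Пуск»: вместо браузера запускается kww.exe, а путь к iexplore.exe передаётся ему параметром)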
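- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'ctfmon.exe' = '<SYSTEM32>\ctfmon.exe' (автозапуск при входе пользователя в систему; имя и путь совпадают со штатным ctfmon.exe, поэтому сама по себе эта запись не является надёжным признаком заражения)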
- <LS_APPDATA>\kww.exe -gav <Полный путь к вирусу>
- chrome.exe
- opera.exe
- iexplore.exe
- firefox.exe
- %TEMP%\k785kl681o4d0c
- %HOMEPATH%\Templates\k785kl681o4d0c
- %ALLUSERSPROFILE%\Application Data\k785kl681o4d0c
- <LS_APPDATA>\kww.exe
- <LS_APPDATA>\k785kl681o4d0c
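- 'yw###weq.com':80 (здесь и ниже символы ###, по всей видимости, заменяют скрытую в описании часть имени узла, поэтому эти строки не годятся для поиска по точному совпадению)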
- 'yt###suvi.com':80
- 'uv###jemowe.com':80
- 'of###wal.com':80
- 'az###rimazy.com':80
- DNS ASK yw###weq.com
- DNS ASK yt###suvi.com
- DNS ASK aq###byso.com
- DNS ASK of###wal.com
- DNS ASK az###rimazy.com
- DNS ASK uv###jemowe.com
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'msascui_class' WindowName: ''