Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'FlashMute' = '%WINDIR%\flashmute.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'twunk_32' = '%WINDIR%\32_twunk.exe'
- %WINDIR%\MZђ.exe
- %WINDIR%\flashmute.exe
- %WINDIR%\MZђ.exe (downloaded from the Internet)
- <SYSTEM32>\ping.exe -n 1 -w 5000 www.google.com
- %TEMP%\temp630010-ssacsyf.txt
- %WINDIR%\MZђ.exe
- %WINDIR%\videolist.txt
- %WINDIR%\flashmute.exe
- %WINDIR%\mutelib.dll
- %TEMP%\temp772989-ping.txt
- %TEMP%\temp772989-ping.txt
- 'di####connect.pl':80
- di####connect.pl/new3/videolist.txt
- di####connect.pl/new3/software/MZ?.e##
- di####connect.pl/new3/software
- DNS ASK di####connect.pl
- DNS ASK www.google.com
- ClassName: 'AutoHotkey' WindowName: '<Full path to the virus>'