Техническая информация (автозапуск, файлы, проверяемые окна, сетевые индикаторы)

Примечание: имена доменов ниже частично замаскированы символами «#» в исходном отчёте, поэтому в таком виде они непригодны как точные индикаторы — перед использованием их нужно восстановить по оригинальным данным. Строки «ClassName/WindowName» — имена классов и заголовки окон (Filemon, Regmon, Procmon, OllyDbg и др.), которые образец, по всей видимости, ищет для обнаружения средств анализа.
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'german.exe' = '%WINDIR%\wintems.exe'
- '%WINDIR%\wintems.exe'
- '%WINDIR%\mdelk.exe' -upd
- ClassName: 'FilemonClass' WindowName: '(null)'
- ClassName: 'PROCMON_WINDOW_CLASS' WindowName: '(null)'
- ClassName: 'RegmonClass' WindowName: '(null)'
- ClassName: 'OLLYDBG' WindowName: '(null)'
- ClassName: 'GBDYLLO' WindowName: '(null)'
- ClassName: 'pediy06' WindowName: '(null)'
- %WINDIR%\ban_list.txt
- %WINDIR%\wintems.exe
- %WINDIR%\mdelk.exe
- %WINDIR%\ban_list.txt
- 'bi###rd-88.ch':80
- 'ba##os.be':80
- 'po###oem.com':80
- 'bi###landia.org':80
- 'ne###yonnzz.ws':80
- 'an##agic.gr':80
- 'bi####breaker.com':80
- 'www.bm###wfirm.com':80
- 'www.be##eh.ru':80
- 'tu#####lesticketing.com':80
- 'bi###rchiv.de':80
- 'bi###shop.com':80
- 'bi####valdinon.it':80
- bi###rd-88.ch/images/file.txt
- ba##os.be/images/file.txt
- po###oem.com/images/file.txt
- bi###landia.org/images/file.txt
- ne###yonnzz.ws/images/file.txt
- an##agic.gr/images/file.txt
- bi####breaker.com/images/file.txt
- www.bm###wfirm.com/images/file.txt
- www.be##eh.ru/images/ludi/file.txt
- tu#####lesticketing.com/images/file.txt
- bi###rchiv.de/images/file.txt
- bi###shop.com/images/file.txt
- bi####valdinon.it/images/file.txt
- DNS ASK bi###rd-88.ch
- DNS ASK ba##os.be
- DNS ASK po###oem.com
- DNS ASK an##agic.gr
- DNS ASK bi##a.pl
- DNS ASK bi###landia.org
- DNS ASK ne###yonnzz.ws
- DNS ASK www.bm###wfirm.com
- DNS ASK www.be##eh.ru
- DNS ASK tu#####lesticketing.com
- DNS ASK bi####valdinon.it
- DNS ASK BI####BREAKER.com
- DNS ASK bi###rchiv.de
- DNS ASK bi###shop.com
- ClassName: '18467-41' WindowName: '(null)'
- ClassName: 'Indicator' WindowName: '(null)'
- ClassName: '(null)' WindowName: 'Registry Monitor - Sysinternals: www.sysinternals.com'
- ClassName: '(null)' WindowName: 'File Monitor - Sysinternals: www.sysinternals.com'
- ClassName: '(null)' WindowName: 'Process Monitor - Sysinternals: www.sysinternals.com'