Техническая информация
Параметр автозапуска в реестре (закрепление в системе):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'udpade' = '<SYSTEM32>\udpade.exe'
Командные строки процессов (среди них вызов reg.exe, записывающий параметр 'udpade' в ключ Run):
- <SYSTEM32>\regsvr32.exe /s dynwrapx.dll
- <SYSTEM32>\ntvdm.exe -f -i1
- <SYSTEM32>\cmd.exe /c """%TEMP%\1.tmp\setup.bat"""
- <SYSTEM32>\reg.exe add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "udpade" /t REG_SZ /d "<SYSTEM32>\udpade.exe" /f
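Файлы, фигурирующие в отчёте (тип операции — создание, удаление или перемещение — в этом фрагменте не указан; часть путей повторяется):
- <SYSTEM32>\dynwrapx.dll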
- <SYSTEM32>\udpade.exe
- %WINDIR%\Temp\scs2.tmp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\11865305_112[1].jpg
- %WINDIR%\Temp\scs3.tmp
- <Текущая директория>\dynwrapx.dll
- %TEMP%\1.tmp\b2e.dll
- %TEMP%\1.tmp\b2e
- %TEMP%\1.tmp\binaries.txt
- <Текущая директория>\photo.exe
- %TEMP%\1.tmp\setup.bat
- %TEMP%\1.tmp\b2e.dll
- <Текущая директория>\dynwrapx.dll
- %WINDIR%\Temp\scs3.tmp
- %WINDIR%\Temp\scs2.tmp
- %TEMP%\1.tmp\b2e
- %TEMP%\1.tmp\binaries.txt
- <Текущая директория>\photo.exe
- %TEMP%\1.tmp\setup.bat
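Сетевая активность: адреса и порты, HTTP-запрос, DNS-запрос (часть имени домена заменена символами ###, поэтому использовать его как индикатор напрямую нельзя):
- 'www.it###a-ru.it':80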
- 'localhost':1034
- www.it###a-ru.it/files/11865305_112.jpg
- DNS ASK www.it###a-ru.it
Окна (ClassName / WindowName), перечисленные в отчёте:
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-b1c.b20.390001'
- ClassName: '' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'IEFrame' WindowName: ''