Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\Chipmunk] 'ImagePath' = '<SYSTEM32>\les32.exe %1'
- [<HKLM>\SYSTEM\ControlSet001\Services\Chipmunk] 'Start' = '00000002'
- C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\LBMMC3H3\001[1].jpg
- C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\CJCTQ25G\faq[1].htm
- <SYSTEM32>\les32.exe
- 'ec#####eway.phpnet.us':80
- 'localhost':1040
- 'bu###duks.com':80
- http://ec#####eway.phpnet.us/temp/001.jpg
- http://bu###duks.com/faq
- DNS ASK ec#####eway.phpnet.us
- DNS ASK bu###duks.com