Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\GomPlaySvr\Parameters] 'ServiceDll' = '<SYSTEM32>\<Имя файла>.dll' (DLL службы, которую загружает процесс svchost.exe)
- [<HKLM>\SYSTEM\ControlSet001\Services\GomPlaySvr] 'ImagePath' = '<SYSTEM32>\svchost.exe -k netsvcs'
- [<HKLM>\SYSTEM\ControlSet001\Services\GomPlaySvr] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы)
- %WINDIR%\Explorer.EXE
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\2VAZY7AN\nsd141641302[1].gif
- <SYSTEM32>\magazi.apt
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\YPORKZYZ\20130924[1].jpg
- <SYSTEM32>\mshytvjiil.ocx
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\KHMHGZ4F\retirement2_635x250_1379951594[1].jpg
- <SYSTEM32>\dasfwe.css
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\U98D4X8H\arp-ping[1].exe
- 'im#.#aver.net':80
- 'sp.#sk.com':80
- 'www.el####kerson.com':80
- 'localhost':1039 (локальное соединение, не внешний узел)
- 'l3.#img.com':80
- http://im#.#aver.net/static/newsstand/up/2013/0123/nsd141641302.gif
- http://sp.#sk.com/qotdxdict/i/20130924.jpg
- http://l3.#img.com/nn/fp/rsz/092313/images/smush/retirement2_635x250_1379951594.jpg
- http://www.el####kerson.com/projects/downloads/arp-ping-0.3/arp-ping.exe
- DNS ASK im#.#aver.net
- DNS ASK sp.#sk.com
- DNS ASK l3.#img.com
- DNS ASK www.el####kerson.com