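Техническая информация
(Подзаголовки разделов в этом фрагменте не сохранились. Строки с аргументами командной строки — это запускаемые процессы; повторяющиеся пути к файлам, по-видимому, относятся к разным разделам исходного отчёта, например к созданным и удалённым файлам.)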
- %TEMP%\Ins138.exe (загружен из сети Интернет) /sp- /silent /norestart /verysilent
- <SYSTEM32>\Vinu.exe silent
- <SYSTEM32>\regsvr32.exe /s DesktopExt.dll
- <SYSTEM32>\GetMac.dll
- %TEMP%\Ins138.exe
- <SYSTEM32>\DesktopExt.dll
- %TEMP%\nsy2.tmp\System.dll
- <SYSTEM32>\Vinu.exe
- <SYSTEM32>\Vinu.exe
- %TEMP%\nsy2.tmp\System.dll
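(Символы «#» в именах узлов и URL ниже, по-видимому, маскируют часть значения; в таком виде строки не являются полными индикаторами компрометации.)
- 'do##.wo001.com':80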
- 'co###.namiuu.com':80
- 'co###.wo001.com':80
- do##.wo001.com/files/Ins138.exe
- co###.namiuu.com/count.aspx?ch#####################################
- co###.wo001.com/Count.ashx?ac#####################################################################################################################
- DNS ASK do##.wo001.com
- DNS ASK co###.namiuu.com
- DNS ASK co###.wo001.com
- ClassName: 'Shell_TrayWnd' WindowName: ''