Техническая информация
- '%APPDATA%\oougw.exe'
- '<SYSTEM32>\cmd.exe' /K "%APPDATA%\oougw.exe"
- '<SYSTEM32>\reg.exe' reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Run" /f /v "5b922947-49a4-4881-87f9-e3cc0a59bd71" /t REG_SZ /d "%APPDATA%\oougw.exe" & exit
- oougw.exe
- [<HKCU>\Software\IMVU\username]
- %ALLUSERSPROFILE%\Application Data\CRNJEUFU_1_26_7_51_1.jpg
- %APPDATA%\oougw.exe
- '46.##3.223.44':80
- 'wp#d':80
- http://46.##3.223.44/B/decap-10jan-10feb/post.php?ty##########################################################
- http://11#.#11.111.1/wpad.dat via wp#d
- DNS ASK wp#d
- ClassName: 'Shell_TrayWnd' WindowName: ''