Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'ywkhc' = 'C:\ywkhc.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'ywkhc' = '<Полный путь к вирусу>'
- C:\ywkhc.exe
- <SYSTEM32>\attrib.exe +h "\ywkhc.exe"
- C:\ywkhc.exe
- C:\ywkhc.exe
- 'www.5m##nfo.com':80
- www.5m##nfo.com/info/cm2004.html
- DNS ASK www.5m##nfo.com
- '<IP-адрес в локальной сети>':1035
- ClassName: 'MS_WINHELP' WindowName: ''
- ClassName: 'Indicator' WindowName: ''