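Техническая информация
(Подзаголовки разделов исходного отчёта в этом фрагменте не сохранились; судя по содержимому, записи ниже идут группами: ключи реестра, окно, файлы, сетевая активность, запускаемые процессы.)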
- filename.exe
- [<HKCU>\Software\Yahoo\Pager]
- [<HKCU>\Software\Microsoft\IdentityCRL]
- [<HKCU>\Software\Microsoft\Windows Live Mail]
- [<HKCU>\Software\Microsoft\MSNMessenger]
- [<HKCU>\Software\Microsoft\Office\Outlook\OMI Account Manager\Accounts]
- [<HKCU>\Identities\{5518F2FB-DB74-45A3-BEC1-4575D8D9DC84}\Software\Microsoft\Internet Account Manager\Accounts]
- [<HKCU>\Identities\{5518F2FB-DB74-45A3-BEC1-4575D8D9DC84}\Software\Microsoft\Office\Outlook\OMI Account Manager\Accounts]
- ClassName: '', WindowName: 'Yahoo! Messenger'
- %TEMP%\APhDI3vHzQ.ini
- %TEMP%\Q9aOt0PvOO.ini
- %HOMEPATH%\Desktop\ca\fsfsdgg6\filename.exe
- %TEMP%\Update.txt
- %TEMP%\Q9aOt0PvOO.ini
- %TEMP%\APhDI3vHzQ.ini
- 'im##.com.au':80
- http://im##.com.au/boss/PHP/index.php?ac################################################################################################
- http://im##.com.au/boss/PHP/index.php?ac###########################################################
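- DNS ASK im##.com.au
  (Символы «#» в имени узла и в параметрах запроса — по-видимому, маскировка, внесённая в исходном отчёте, поэтому эти строки нельзя использовать как точные индикаторы. Обращение идёт по HTTP на порт 80, то есть передаваемые данные не шифруются на транспортном уровне.)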
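- '%HOMEPATH%\Desktop\ca\fsfsdgg6\filename.exe' /scomma "%TEMP%\Q9aOt0PvOO.ini"
- '%HOMEPATH%\Desktop\ca\fsfsdgg6\filename.exe' /scomma "%TEMP%\APhDI3vHzQ.ini"
  (Образец запускает сам себя с параметром /scomma и путём к временному .ini-файлу. Вместе с перечисленными выше ключами реестра почтовых клиентов и мессенджеров это похоже на режим выгрузки сохранённых учётных данных в файл; по одной этой странице это предположение, а не установленный факт.)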
- '%HOMEPATH%\Desktop\ca\fsfsdgg6\filename.exe'
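- '<SYSTEM32>\reg.exe' add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /f /v "Update" /d "cmd /c type "%TEMP%\Update.txt" | cmd"
  (Закрепление в системе: параметр «Update» в ключе Run текущего пользователя при каждом входе в систему передаёт содержимое %TEMP%\Update.txt на выполнение в cmd. При проверке узла имеет смысл искать и этот параметр автозапуска, и сам файл Update.txt.)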
- '<SYSTEM32>\cmd.exe'