Technical information
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'explorer.exe,"<SYSTEM32>\bva\dasd.exe"'
- <SYSTEM32>\bva\dasd.exe
- <Full path to file>
- <SYSTEM32>\bva\dasd.exe
- <Full path to file> in %TEMP%\2683
- 'ju######itifyouknowit.ru':80
- 'wh#####eyourdedows.com':80
- 'il#####punchnoah.com':80
- 'hi####meisnoah.su':80
- 'ic####ealotkrug.com':80
- 'ka#####llizdageil.com':80
- '18#.#11.48.82':80
- 'me###baslm.su':80
- 'id######eitwhenyoudoit.ru':80
- http://ju######itifyouknowit.ru/exodus/gate3.php
- http://wh#####eyourdedows.com/exodus/gate3.php
- http://il#####punchnoah.com/exodus/gate3.php
- http://hi####meisnoah.su/exodus/gate3.php
- http://ic####ealotkrug.com/exodus/gate3.php
- http://ka#####llizdageil.com/exodus/gate3.php
- http://18#.#11.48.82/exodus/gate3.php
- http://me###baslm.su/exodus/gate3.php
- http://id######eitwhenyoudoit.ru/exodus/gate3.php
- DNS ASK ju######itifyouknowit.ru
- DNS ASK wh#####eyourdedows.com
- DNS ASK il#####punchnoah.com
- DNS ASK hi####meisnoah.su
- DNS ASK id######eitwhenyoudoit.ru
- DNS ASK ka#####llizdageil.com
- DNS ASK ic####ealotkrug.com
- DNS ASK me###baslm.su
- '<SYSTEM32>\bva\dasd.exe'