Техническая информация
- iexplore.exe
- firefox.exe
- chrome.exe
- opera.exe
- safari.exe
- [<HKCU>\Software\Microsoft\Office\Outlook\OMI Account Manager\Accounts]
- [<HKCU>\Identities\{5518F2FB-DB74-45A3-BEC1-4575D8D9DC84}\Software\Microsoft\Internet Account Manager\Accounts]
- [<HKCU>\Identities\{5518F2FB-DB74-45A3-BEC1-4575D8D9DC84}\Software\Microsoft\Office\Outlook\OMI Account Manager\Accounts]
- [<HKCU>\Software\Microsoft\MSNMessenger]
- [<HKCU>\Software\Yahoo\Pager]
- [<HKCU>\Software\Microsoft\IdentityCRL]
- [<HKCU>\Software\Microsoft\Windows Live Mail]
- %TEMP%\_2_2_.exe
- %TEMP%\sos3\9.txt
- %TEMP%\pop0FABFBFF000306E4, 0FABFBFF000006E4CRNJEUFU9215231.txt
- %TEMP%\work_wormy_4.dll
- %TEMP%\Newtonsoft.Json.dll
- %TEMP%\sqlite3_x86.dll
- %TEMP%\da_worm.exe
- 'wp#d':80
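- 'wo####onnection.ly':21 (порт 21 — стандартный порт FTP; при разборе инцидента исходящее FTP-соединение стоит сопоставить по времени с появлением текстовых файлов в %TEMP%)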
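- http://11#.#11.111.1/wpad.dat via wp#d (запрос wpad.dat — штатное автообнаружение прокси WPAD в Windows; сам по себе он может не быть признаком заражения, поэтому как индикатор его следует использовать только вместе с остальными)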
- DNS ASK wp#d
- DNS ASK wo####onnection.ly
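- '%TEMP%\_2_2_.exe' /stext %TEMP%\sos3\9.txt (ключ /stext характерен для утилит NirSoft и сохраняет результат их работы в текстовый файл; по-видимому, в 9.txt попадают данные учётных записей из перечисленных выше веток реестра — для обнаружения полезно отслеживать запуск исполняемых файлов из %TEMP% с этим ключом)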
- '%TEMP%\da_worm.exe'