Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'dwm' = '%APPDATA%\dwm.exe'
- %APPDATA%\dwm.exe
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\YPORKZYZ\sam[1].htm
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\KHMHGZ4F\sam[1].htm
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\YPORKZYZ\login[1].htm
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\U98D4X8H\sam[1].htm
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\2VAZY7AN\login[1].htm
- <Full path to file>
- 'so###igeoas.com':80
- '20#.#8.63.228':80
- 'ui###workas.com':80
- http://so###igeoas.com/whynot/sam.php
- http://20#.#8.63.228/forum/login.php
- http://ui###workas.com/whynot/sam.php
- DNS ASK so###igeoas.com
- DNS ASK ui###workas.com
- '%APPDATA%\dwm.exe'