Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'SystemLaunch' = '%ProgramFiles%\SystemLaunch.exe'
- %WINDIR%\write.exe
- %ProgramFiles%\SystemLaunch.exe
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\KHMHGZ4F\cmd[1].txt
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\KHMHGZ4F\Remind[1].php
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\KHMHGZ4F\Information[1].php
- 'bb#####c50.web44.net':80
- 'bb####5c50.ucoz.ru':80
- 'bb####5c50.ucoz.ru':21
- http://bb#####c50.web44.net/Remind.php
- http://www.bb####5c50.ucoz.ru/Users/Menkenova/cmd.txt via bb####5c50.ucoz.ru
- http://bb#####c50.web44.net/Information.php
- DNS ASK bb#####c50.web44.net
- DNS ASK www.bb####5c50.ucoz.ru
- DNS ASK bb####5c50.ucoz.ru
- '%ProgramFiles%\SystemLaunch.exe'
- '%WINDIR%\write.exe' NewDocument