Техническая информация
- %HOMEPATH%\Start Menu\Programs\Startup\winset.vbs
- '' (имя объекта в отчёте пустое; загружен из сети Интернет)
- %TEMP%\Ipchanger.exe
- %TEMP%\msInfok.ini
- %TEMP%\winset.vbs
- %TEMP%\runresult.tmp
- %TEMP%\dw.log
- %TEMP%\2E034.dmp
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\KHMHGZ4F\key[1].exe
- %TEMP%\svost.exe
- %TEMP%\runresult.tmp
- 'wp#d':80
- 'ot##nd.net':80
- 'localhost':1039
- 'ti####eylogger.com':80
- http://11#.#11.111.1/wpad.dat via wp#d
- http://ot##nd.net/ipchanger/update.php
- http://ti####eylogger.com/download/key.exe
- DNS ASK google.com
- DNS ASK wp#d
- DNS ASK ot##nd.net
- DNS ASK ti####eylogger.com
- ClassName: 'EDIT' WindowName: ''
- '<SYSTEM32>\wscript.exe' "%TEMP%\winset.vbs"
- '%TEMP%\Ipchanger.exe'
- '%TEMP%\svost.exe'
- '<SYSTEM32>\cmd.exe' /c ping -n 2 -w 900 google.com>%TEMP%\runresult.tmp
- '<SYSTEM32>\ping.exe' -n 2 -w 900 google.com
- '%CommonProgramFiles%\Microsoft Shared\DW\DW20.EXE' -x -s 972