Техническая информация
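Автозапуск (параметр в ключе реестра Run; имя '_WGA', по-видимому, выбрано для маскировки под системный компонент):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '_WGA' = '%WINDIR%\WgaDisp.exe'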
- '%ProgramFiles%\Internet Explorer\IEXPLORE.EXE' http://www.th####square.com/2/
- %WINDIR%\WgaDisp.exe
- <Текущая директория>\_DelItM.bat
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\KHMHGZ4F\google[1]
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\KHMHGZ4F\index[1].php
- <Полный путь к файлу>
Сетевые подключения (хост:порт; символы # — маскировка части адреса в исходном отчёте):
- 'localhost':1037
- 'localhost':1039
- 'th####square.com':80
- '74.##5.232.51':80
- '20#.#67.111.103':80
HTTP-запросы (URL и узел, через который выполнен запрос):
- http://www.th####square.com/2/ via th####square.com
- http://www.google.com/ via 74.##5.232.51
- http://20#.#67.111.103/index.php?m=####################################################################
DNS-запросы:
- DNS ASK www.th####square.com
- DNS ASK www.google.com
- ClassName: '' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
Запускаемые процессы (командные строки):
- '%WINDIR%\WgaDisp.exe'
- '<SYSTEM32>\cmd.exe' /c ""<Текущая директория>\_DelItM.bat" "