Техническая информация
- [<HKCU>\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\Run] 'exexc10' = '<Полный путь к файлу>'
- <SYSTEM32>\wscript.exe
- iexplore.exe
- [<HKCU>\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\Zones\2] '1001' = '00000000'
- [<HKCU>\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\Zones\2] '1004' = '00000000'
- [<HKCU>\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\Zones\2] '1200' = '00000000'
- [<HKCU>\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\Zones\2] '1201' = '00000000'
- [<HKCU>\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\Zones\2] '1405' = '00000000'
- [<HKCU>\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\Zones\2] '2201' = '00000000'
- <Текущая директория>\60.vbe
- <Текущая директория>\71.vbe
- http://ku##er.com/advnew/d20.txt
- http://ku##er.com/advnew/60.vbs
- http://ku##er.com/advnew/61.vbe
- http://ku##er.com/advnew/62.vbe
- http://ku##er.com/advnew/63.vbe
- http://ku##er.com/advnew/64.vbe
- DNS ASK ku##er.com
- '<SYSTEM32>\wscript.exe' 60.vbe
- '<SYSTEM32>\wscript.exe' 71.vbe
- '<SYSTEM32>\wscript.exe' 72.vbe
- '<SYSTEM32>\wscript.exe' 73.vbe
- '<SYSTEM32>\wscript.exe' 74.vbe