Техническая информация
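- Запись в реестре для автозапуска (закрепление в системе; имя параметра имитирует обновление Windows): [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Windows(TM) Update' = '%APPDATA%\tmp0392.exe'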
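Поиск окон средств анализа (Process Monitor, Regmon, Filemon, OllyDbg) — признак противодействия анализу:
- ClassName: '' WindowName: 'Process Monitor - Sysinternals: www.sysinternals.com'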
- ClassName: 'PROCMON_WINDOW_CLASS' WindowName: ''
- ClassName: '' WindowName: 'Registry Monitor - Sysinternals: www.sysinternals.com'
- ClassName: 'RegmonClass' WindowName: ''
- ClassName: '' WindowName: 'File Monitor - Sysinternals: www.sysinternals.com'
- ClassName: 'GBDYLLO' WindowName: ''
- ClassName: 'OLLYDBG' WindowName: ''
- ClassName: 'FilemonClass' WindowName: ''
- ClassName: 'pediy06' WindowName: ''
Файлы в %TEMP% с именами вида <четыре цифры>.png (тип операции на странице не указан):
- %TEMP%\3133.png
- %TEMP%\3075.png
- %TEMP%\8100.png
- %TEMP%\7912.png
- %TEMP%\4625.png
- %TEMP%\7108.png
- %TEMP%\5020.png
- %TEMP%\3489.png
- %TEMP%\2460.png
- %TEMP%\3056.png
- %TEMP%\3282.png
- %TEMP%\6550.png
- %TEMP%\8657.png
- %TEMP%\5749.png
- %TEMP%\2589.png
- %TEMP%\1059.png
- %TEMP%\5954.png
- %TEMP%\6524.png
- %TEMP%\4365.png
- %TEMP%\1992.png
- %TEMP%\5948.png
- %TEMP%\9687.png
- %TEMP%\5014.png
- %TEMP%\9254.png
- %TEMP%\4495.png
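- Копирование или перемещение собственного файла (тип операции на странице не указан): из <Полный путь к вирусу> в %APPDATA%\tmp0392.exe — тот же путь, что записан в параметре автозапуска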
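Сетевые подключения (имена узлов частично скрыты символами ##):
- 've##x.net':80
- 'sm##.gmail.com':587 (порт 587 — стандартный порт отправки почты по SMTP)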
- ve##x.net/ip
- DNS ASK ve##x.net
- DNS ASK sm##.gmail.com
- ClassName: 'Indicator' WindowName: ''
- ClassName: '18467-41' WindowName: ''