Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'MemoThisInstall' = 'C:\$$224466.bat'
- [<HKLM>\SYSTEM\ControlSet001\Services\MemoThisMonService] 'Start' = '00000002'
- %PROGRAM_FILES%\MemoThisPOP\MemoThisPOP.exe
- %PROGRAM_FILES%\MemoThisPOP\MemoThisMon.exe /INSTALL /SILENT
- %PROGRAM_FILES%\MemoThisPOP\MemoThisPOP.exe (downloaded from the Internet)
- %PROGRAM_FILES%\MemoThisPOP\MemoThisMon.exe (downloaded from the Internet)
- %PROGRAM_FILES%\MemoThisPOP\MemoThisPOP.ini
- %PROGRAM_FILES%\MemoThisPOP\MemoThisUninstall.exe
- C:\$$224466.bat
- %PROGRAM_FILES%\MemoThisPOP\memothis-update.exe
- %PROGRAM_FILES%\MemoThisPOP\MemoThisPOP.exe
- %PROGRAM_FILES%\MemoThisPOP\MemoThisMon.exe
- from <Full path to virus> to %PROGRAM_FILES%\MemoThisPOP\<Virus name>.exe
- 'www.ad###com.com':80
- 'cl####.additcom.com':80
- cl####.additcom.com/download/setup/MemoVersion.zip
- cl####.additcom.com/download/setup/MemoThisUninstall.zip
- www.ad###com.com/install_memothis/?ci###################################
- cl####.additcom.com/download/setup/memothis-update.zip
- cl####.additcom.com/download/setup/MemoThisPOP.zip
- cl####.additcom.com/download/setup/MemoThisMon.zip
- DNS ASK www.ad###com.com
- DNS ASK cl####.additcom.com
- ClassName: 'MS_WINHELP' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''