Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'varas' = '%WINDIR%\22461.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'varas' = '%WINDIR%\22461.exe'
- %WINDIR%\22461.exe
- ClassName: 'gdkWindowToplevel' WindowName: 'The Ethereal Network Analyzer'
- %WINDIR%\ea0c829b3.imb
- %WINDIR%\22461.exe
- 'mi#####ft.loginapp.com':80
- '67.##5.160.76':80
- 'cn#.#dharu.com':80
- mi#####ft.loginapp.com/update/info.php
- cn#.#dharu.com/adult.php?cp#####
- cn#.#dharu.com/hit.php?cp#####
- 67.##5.160.76/
- DNS ASK mi#####ft.loginapp.com
- DNS ASK kr.##hoo.com
- DNS ASK cn#.#dharu.com
- ClassName: 'SmartSniff' WindowName: ''
- ClassName: 'PacketSnifferClass1' WindowName: ''
- ClassName: 'gdkWindowTemp' WindowName: 'wireshark.exe'
- ClassName: 'Indicator' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: '' WindowName: 'secret.txt - ??????'