Техническая информация
- Запись автозапуска (ключ Run в HKLM, срабатывает при входе любого пользователя): [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Microsoft.inc©' = '"%WINDIR%\Test\startup-name.exe"'
- <SYSTEM32>\cmd.exe /c ""c:\kill_process.bat" "
- C:\kill_process.bat
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\url[1]
- C:\%USERNAME%_SYSTEM.txt
- %WINDIR%\Boot.txt
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\n09230945[1].asp
- %WINDIR%\Boot.txt
- C:\kill_process.bat
- C:\%USERNAME%_SYSTEM.txt
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\n09230945[1].asp
- Собственный файл: из <Полный путь к вирусу> в %WINDIR%\Test\startup-name.exe (тот же путь прописан в записи автозапуска Run)
- 'localhost':1039
- 'www.ur#.com':80
- 'wh###smyip.com':80
- 'ft#.#xample.com':21
- www.ur#.com/
- wh###smyip.com/automation/n09230945.asp
- DNS ASK www.ur#.com
- DNS ASK ft#.#xample.com
- DNS ASK wh###smyip.com
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'IEFrame' WindowName: ''
- ClassName: '' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''