Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'userinit' = '<SYSTEM32>\userinit.exe,<Full path to the virus>,'
- <SYSTEM32>\ctfmon.exe
- <Full path to the virus>
- 'www.bing.com':80
- DNS ASK je###yn.info
- DNS ASK ke###ij.info
- DNS ASK ga###as.info
- DNS ASK www.bing.com
- DNS ASK di###uw.info
- DNS ASK fo###oz.info
- ClassName: 'SunAwtDialog' WindowName: 'Synchronization with bank'
- ClassName: 'javax.swing.JFrame' WindowName: '??i? ? ???????'
- ClassName: 'SunAwtDialog' WindowName: '???? ? ???????'
- ClassName: 'SunAwtDialog' WindowName: '??i? ? ???????'
- ClassName: 'SunAwtDialog' WindowName: '????????????? ? ??????'
- ClassName: 'javax.swing.JFrame' WindowName: 'Welcome'
- ClassName: 'SunAwtFrame' WindowName: 'Welcome'
- ClassName: 'SunAwtFrame' WindowName: '???? ? ???????'
- ClassName: 'SunAwtFrame' WindowName: '????????????? ? ??????'
- ClassName: 'javax.swing.JFrame' WindowName: '???? ? ???????'
- ClassName: 'SunAwtFrame' WindowName: '??i? ? ???????'