Техническая информация
- скрытых файлов
- [<HKCU>\Software\IMVU\username]
- [<HKCU>\Software\IMVU\password]
- [<HKCU>\Software\Valve\Half-Life\Settings]
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FTP Commander]
- %TEMP%\sys32\new pc infected crmhzc.html
- %TEMP%\sys32\passwords of crmhzc.html
- http://wh###smyip.com/automation/n09230945.asp
- DNS ASK wh###smyip.com
- DNS ASK sm##.gmail.com