Техническая информация
Изменения в файловой системе
Создает следующие файлы
- %WINDIR%\serviceprofiles\networkservice\appdata\locallow\microsoft\cryptneturlcache\metadata\f0accf77cdcbff39f6191887f6d2d357
- %WINDIR%\serviceprofiles\networkservice\appdata\locallow\microsoft\cryptneturlcache\content\f0accf77cdcbff39f6191887f6d2d357
Сетевая активность
TCP
Запросы HTTP GET
- http://fo####.banat-style.com/clientscript/yui/connection/connection-min.js?v=###
- http://fo####.banat-style.com/images/smilies/a7rraj.gif
- http://fo####.banat-style.com/images/buttons/quote_40b.png
- http://fo####.banat-style.com/images/gradients/generic_button.png
- http://fo####.banat-style.com/images/star.gif
- http://fo####.banat-style.com/image.php?u=##########################
- http://fo####.banat-style.com/images/fofo3.gif
- http://fo####.banat-style.com/clear.gif
- http://fo####.banat-style.com/images/misc/progress.gif
- http://fo####.banat-style.com/images/icons/icon1.png
- http://fo####.banat-style.com/images/reputation/reputation_pos.png
- http://fo####.banat-style.com/images/fofo2.gif
- http://fo####.banat-style.com/images/statusicon/user-offline.png
- http://fo####.banat-style.com/image.php?u=#########################
- http://fo####.banat-style.com/vbseo/resources/images/forum/linkback_about.gif
- http://fo####.banat-style.com/vbseo/resources/images/forum/linkback_url.gif
- http://fo####.banat-style.com/images/pagination/previous-left.png
- http://fo####.banat-style.com/images/pagination/first-left.png
- http://fo####.banat-style.com/images/misc/navbit-home.png
- http://fo####.banat-style.com/images/misc/navbit-arrow-left.png
- http://fo####.banat-style.com/images/smilies/banat3.gif
- http://fo####.banat-style.com/images/misc/bookmarksite_digg.gif
- http://cr#.#odaddy.com/gdig2s1-1706.crl
- http://cr#.#odaddy.com/gdroot-g2.crl
- http://cr#.#odaddy.com/gdroot.crl
- http://fo####.banat-style.com/images/gradients/gradient-greytowhite.png
- http://fo####.banat-style.com/images/buttons/newbtn_middle.png
- http://fo####.banat-style.com/images/reputation/reputation_highpos.png
- http://fo####.banat-style.com/members/127397-albums14064-picture15223.gif
- http://fo####.banat-style.com/images/signaturepics/sigpic42347_4.gif
- http://fo####.banat-style.com/image.php?u=#####################################
- http://wi####.engageya.com/_pos_loader.js
- http://fo####.banat-style.com/image.php?ty##########################################
- http://fo####.banat-style.com/vbseo/resources/images/forum/vbseo_like.png
- http://fo####.banat-style.com/images/statusicon/post_old.png
- http://fo####.banat-style.com/images/misc/black_downward_arrow.png
- http://fo####.banat-style.com/images/buttons/collapse_40b.png
- http://fo####.banat-style.com/images/misc/bookmarksite_google.gif
- http://fo####.banat-style.com/images/misc/bookmarksite_stumbleupon.gif
- http://fo####.banat-style.com/images/misc/bookmarksite_delicious.gif
- http://fo####.banat-style.com/images/buttons/search_rtl.png
- http://www.af###nic.com/forsale/up-aa.com?ut###########################################################################################################
- http://www.sh##q4.net/upfiles/toK83324.gif
- http://fo####.banat-style.com/images/font/muslimah_thin.otf%22)%20format(%22opentype
- http://fo####.banat-style.com/images/font/muslimah_light.otf%22)%20format(%22opentype
- http://fo####.banat-style.com/images/font/GE_SS_Unique_Light.otf%22)%20format(%22opentype
- http://fo####.banat-style.com/images/font/GE_SS_Unique_Bold.otf%22)%20format(%22opentype
- http://fo####.banat-style.com/images/font/ge_ss_two_bold.ttf%22)%20format(%22truetype%22),%20url(%22font/ge_ss_two_bold.otf%22)%20format(%22opentype
- http://fo####.banat-style.com/images/font/ge_ss_two_medium.ttf%22)%20format(%22truetype%22),%20url(%22font/ge_ss_two_medium.otf%22)%20format(%22opentype
- http://fo####.banat-style.com/images/font/ge_ss_two_light.ttf%22)%20format(%22truetype%22),%20url(%22font/ge_ss_two_light.otf%22)%20format(%22opentype
- http://fo####.banat-style.com/vbseo/resources/scripts/vbseo_ui.js?v=##
- http://fo####.banat-style.com/css.php?st##########################################################
- http://fo####.banat-style.com/css.php?st#########################################################################################################################
- http://fo####.banat-style.com/css.php?st##################################################################################################################################################
- http://fo####.banat-style.com/images/outstrap.css
- http://fo####.banat-style.com/css.php?st#################################################################################################################################################
- http://fo####.banat-style.com/css.php?st#########################################################################################################################################################...
- http://fo####.banat-style.com/clientscript/vbulletin-core.js?v=###
- http://fo####.banat-style.com/clientscript/yui/yuiloader-dom-event/yuiloader-dom-event.js?v=###
- http://fo####.banat-style.com/images/font/dust.ttf%22)%20format(%22truetype
- http://fo####.banat-style.com/images/font/revl.ttf%22)%20format(%22truetype
- http://fo####.banat-style.com/images/font/ubuntu.ttf%22)%20format(%22truetype
- http://fo####.banat-style.com/images/font/revb.ttf%22)%20format(%22truetype
- http://fo###.#anat-style.com/members/127397-albums14064-picture15223.gif
- http://fo####.banat-style.com/images/font/tin.ttf%22)%20format(%22truetype
- http://fo###.#anat-style.com/images/signaturepics/sigpic42347_4.gif
- http://fo###.#anat-style.com/image.php?ty###########################################
- http://www.up##a.com/upfiles/U9117911.png
- http://up.##w2r.com/upfiles/Cpa24496.gif
- http://fo###.#anat-style.com/image.php?u=#####################################
- http://fo###.#anat-style.com/image.php?ty##########################################
- http://www.co###girls.com/images/smilies/4.gif
- http://fo####.banat-style.com/image.php?ty###########################################
- http://cr#.#odaddy.com/gdig2s1-1610.crl
- http://fo####.banat-style.com/
- http://fo####.banat-style.com/clientscript/vbulletin_md5.js?v=###
- http://fo####.banat-style.com/images/logo20.png
- http://fo####.banat-style.com/images/font/HelveticaNeueW23forSKY-Bd.eot?
- http://fo####.banat-style.com/images/font/HelveticaNeueW23forSKY-Reg.eot?
- http://fo####.banat-style.com/images/font/ge-ss-med-webfont.eot?
- http://fo####.banat-style.com/images/font/hacen_liner_screen.eot?")##############################################################################################################################...
- http://fo####.banat-style.com/images/font/GE_SS_Two_Light.eot?")##############################################################################################################################
- http://ww###.0zz0.com/2011/12/21/17/628952266.jpg
- http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt
UDP
- DNS ASK fo####.banat-style.com
- DNS ASK af###nic.com
- DNS ASK im##.gulfup.com
- DNS ASK up.#cc.com
- DNS ASK up##a.com
- DNS ASK dc##.arabsh.com
- DNS ASK sh##q4.net
- DNS ASK yo##ube.com
- DNS ASK up.##w2r.com
- DNS ASK im###.imageshack.us
- DNS ASK fo###.#anat-style.com
- DNS ASK co###girls.com
- DNS ASK ww###.0zz0.com
- DNS ASK tw##ter.com
- DNS ASK wi####.engageya.com
- DNS ASK im####.imageshack.us
- DNS ASK cr#.#odaddy.com
Другое
Ищет следующие окна
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebCheckMonitor' WindowName: ''
