Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'W99Nz3mHwrMV' = 'C:\W99Nz3mHwrMV\W99Nz3mHwrMV.exe'
- C:\W99Nz3mHwrMV\W99Nz3mHwrMV.exe
- ClassName: '' WindowName: 'Yahoo! Messenger'
- %TEMP%\sample.html
- C:\W99Nz3mHwrMV\W99Nz3mHwrMV.exe
- C:\W99Nz3mHwrMV\W99Nz3mHwrMV.exe
- %TEMP%\sample.html
- 'up###ecsv.com':80
- DNS ASK up###ecsv.com