Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'furog' = '<SYSTEM32>\bahodoopul.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\iie4q9zo6eeeahi] 'Start' = '00000002'
- %TEMP%\ewjztfoeC3CCBA39.tmp
- <SYSTEM32>\peloohuqua.exe
- из <SYSTEM32>\wuwyke.exe в <SYSTEM32>\bahodoopul.exe
- из <Полный путь к вирусу> в <SYSTEM32>\wuwyke.exe
- '20#.#5.237.25':25
- '21#.#39.127.176':25
- '74.##5.45.27':25
- '20#.#6.123.55':25
- '20#.#5.217.33':25
- '64.#8.6.11':25
- 'www.ne##.com':80
- '20#.#71.184.25':25
- '20#.#5.153.154':25
- '76.##.62.116':25
- '20#.#6.123.68':25
- '65.#4.244.8':25
- '65.##.92.136':25
- '21#.39.53.3':25
- '67.##5.168.31':25
- '21#.39.53.2':25
- '15#.#66.157.27':25
- '15#.#66.216.136':25
- '69.##.179.26':25
- '65.##.244.200':25
- '21#.#2.181.22':25
- www.ne##.com/
- DNS ASK www.we##her.com
- DNS ASK www.ao#.com
- DNS ASK www.hp.com
- DNS ASK www.ne##.com
- DNS ASK www.do###oad.com