Technical information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'init' = '01'
- User Account Control (UAC)
- %PROGRAM_FILES%\mscrt.exe -runserivce
- %PROGRAM_FILES%\hpsewx.exe -runserivce
- %PROGRAM_FILES%\mscrt.exe (downloaded from the Internet)
- %PROGRAM_FILES%\hpsewx.exe (downloaded from the Internet)
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\file2[1].zip
- %PROGRAM_FILES%\mscrt.exe
- %PROGRAM_FILES%\hpsewx.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\gravainfo[1].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\file1[1].zip
- '72.##.206.103':80
- 'se###dariop.com':80
- 'localhost':1036
- 72.##.206.103/arquivos/file2.zip
- 72.##.206.103/arquivos/file1.zip
- se###dariop.com/contador/gravainfo.php?&l####################
- DNS ASK se###dariop.com
- ClassName: 'Indicator' WindowName: ''