Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe] 'Debugger' = 'C:\Program-Files\Services.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] 'My Girl' = 'C:\Program-Files\Services.exe'
- hidden files
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\myfile[1].php
- <Current directory>\000.000
- C:\Program-Files\Services.exe
- C:\Program-Files\Services.exe
- 'www.bi###ring.com':80
- 'localhost':1035
- www.bi###ring.com/mail/file_browser/myfile.php?fi###########################################################################################
- DNS ASK www.bi###ring.com