Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\msvdsrv] 'Start' = '00000002' (значение 2 параметра Start означает автоматический запуск службы при загрузке системы)
- '<SYSTEM32>\msvid.exe'
- '<SYSTEM32>\cmd.exe' /c %TEMP%\Deleteme.bat
- <SYSTEM32>\lsass.exe
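- <SYSTEM32>\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6YQRA29M\whatismyipaddress[1] (каталог systemprofile — это кэш временных файлов Интернета в профиле учётной записи SYSTEM; то же относится к двум следующим путям)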
- <SYSTEM32>\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6YQRA29M\cmyip[1]
- <SYSTEM32>\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6YQRA29M\whatsmyip[1]
- %TEMP%\Deleteme.bat
- %ALLUSERSPROFILE%\ntuser.dat.LOG
- %ALLUSERSPROFILE%\ntuser.dat
- <SYSTEM32>\msvid.exe
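- <SYSTEM32>\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6YQRA29M\whatsmyip[1] (этот и два следующих пути повторяют уже перечисленные выше; подзаголовков в списке нет, поэтому вид операции с файлами по этой странице установить нельзя)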
- <SYSTEM32>\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6YQRA29M\cmyip[1]
- <SYSTEM32>\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6YQRA29M\whatismyipaddress[1]
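- 'www.wh###myip.org':80 (здесь и ниже часть символов в именах узлов, по-видимому, скрыта знаком «#», поэтому по этой странице полные имена доменов не восстанавливаются)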
- 'ku###.sunsharp.net':80
- 'wh#####yipaddress.com':80
- 'www.cm##p.com':80
- www.wh###myip.org/
- ku###.sunsharp.net/image/datest.gif
- wh#####yipaddress.com/
- www.cm##p.com/
- DNS ASK www.wh###myip.org
- DNS ASK ku###.sunsharp.net
- DNS ASK wh#####yipaddress.com
- DNS ASK www.cm##p.com