Техническая информация
- '%TEMP%\s4.exe' /stext "%TEMP%\s4.txt" >NUL
- '%TEMP%\s5.exe' /stext "%TEMP%\s5.txt" >NUL
- '%TEMP%\s3.exe' /stext "%TEMP%\s3.txt" >NUL
- '%TEMP%\s1.exe' /stext "%TEMP%\s1.txt" >NUL
- '%TEMP%\s2.exe' /stext "%TEMP%\s2.txt" >NUL
- [<HKLM>\Software\Mirabilis\ICQ\NewOwners]
- [<HKCU>\Software\Yahoo\Pager]
- [<HKCU>\Software\AIM\AIMPRO]
- [<HKCU>\Software\Paltalk]
- [<HKCU>\Software\Google\Google Talk\Accounts]
- [<HKCU>\Software\Mirabilis\ICQ\NewOwners]
- [<HKCU>\Software\Microsoft\MSNMessenger]
- [<HKLM>\Software\Miranda]
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Trillian]
- [<HKCU>\Software\America Online\AIM6\Passwords]
- [<HKCU>\Software\Microsoft\IdentityCRL]
- [<HKCU>\Software\Microsoft\MessengerService]
- %TEMP%\s3.txt
- %TEMP%\s5.exe
- %TEMP%\s5.txt
- %TEMP%\s4.txt
- %TEMP%\s2.exe
- %TEMP%\s1.exe
- %TEMP%\s4.exe
- %TEMP%\s3.exe
- %TEMP%\s3.exe
- %TEMP%\s2.exe
- %TEMP%\s5.exe
- %TEMP%\s4.exe
- %TEMP%\s4.txt
- %TEMP%\s3.txt
- %TEMP%\s1.exe
- %TEMP%\s5.txt
- 'sm##.gmail.com':587
- DNS ASK sm##.gmail.com