Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '<Имя вируса>' = '<SYSTEM32>\system32s.exe'
- <SYSTEM32>\id.list
- <SYSTEM32>\comment.list
- <SYSTEM32>\log.txt
- <SYSTEM32>\cafe.list
- <SYSTEM32>\address.list
- <SYSTEM32>\system32s.exe
- <SYSTEM32>\string.list
- <SYSTEM32>\stat.list
- 'ca##.naver.com':80
- 'www.co#.kr':80
- 'vp##.mizs.kr':80
- vp##.mizs.kr/jk/cafe.txt
- vp##.mizs.kr/jk/id.txt
- ca##.naver.com/joonggonara
- www.co#.kr/domain_ok.php?mo##################################################################################################################################################################################
- vp##.mizs.kr/jk/string.txt
- vp##.mizs.kr/jk/stat.txt
- vp##.mizs.kr/jk/comment.txt
- vp##.mizs.kr/jk/address.txt
- www.co#.kr/login_ok.php
- DNS ASK ca##.naver.com
- DNS ASK www.co#.kr
- DNS ASK vp##.mizs.kr