Technical information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '' = '%WINDIR%\Debug\Web_Reg88E6680F.exe'
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\cfg_003[1].txt
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\cfg_004[1].txt
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\cfg_005[1].txt
- %WINDIR%\Debug\Web_Reg88E6680F.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\cfg_001[1].txt
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\cfg_002[1].txt
- <Full path to the virus>
- 'mu######.webcindario.com':80
- 'localhost':1038
- '67.##5.160.76':80
- mu######.webcindario.com/cfg_004.txt
- mu######.webcindario.com/cfg_005.txt
- mu######.webcindario.com/cfg_003.txt
- mu######.webcindario.com/cfg_001.txt
- mu######.webcindario.com/cfg_002.txt
- DNS ASK mu######.webcindario.com
- DNS ASK www.ya##o.com
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'MS_AutodialMonitor' WindowName: '(null)'
- ClassName: 'MS_WebcheckMonitor' WindowName: '(null)'
- ClassName: 'TAppBuilder' WindowName: '(null)'
- ClassName: 'Indicator' WindowName: '(null)'
- ClassName: '(null)' WindowName: 'Web_Reg88E6680F'