Техническая информация
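- Автозапуск — параметр в ключе реестра RunOnce (выполняется один раз при следующем входе пользователя в систему): [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'FlashUpdate' = '%HOMEPATH%\Documents\Update.exe '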
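- '%TEMP%\_ir_sf_temp_0\irsetup.exe' __IRAOFF:1717610 "__IRAFN:<Полный путь к вирусу>" "__IRCT:3" "__IRTSS:0" "__IRSID:S-1-5-21-3525224950-2885160813-905547259-1000" (irsetup.exe и каталог _ir_sf_temp_0 характерны для установщиков, собранных в Setup Factory, и встречаются также у легитимных программ; SID в параметре __IRSID, по-видимому, относится к учётной записи на системе, где проводился анализ)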
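- '<SYSTEM32>\wermgr.exe' -queuereporting
- '<SYSTEM32>\taskhost.exe' $(Arg0) (wermgr.exe и taskhost.exe — штатные компоненты Windows; сами по себе эти две строки не являются признаком заражения)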
- C:\ProgramData\Microsoft\RAC\Temp\sql8536.tmp
- %HOMEPATH%\Documents\Update.exe
- %TEMP%\_ir_sf_temp_0\Update.exe
- C:\ProgramData\Microsoft\RAC\Temp\sqlC63C.tmp
- C:\ProgramData\Microsoft\RAC\Temp\sqlC61C.tmp
- C:\ProgramData\Microsoft\RAC\Temp\sql8516.tmp
- %TEMP%\_ir_sf_temp_0\lua5.1.dll
- %TEMP%\_ir_sf_temp_0\irsetup.exe
- %TEMP%\_ir_sf_temp_0\IRIMG1.JPG
- %TEMP%\_ir_sf_temp_0\IRIMG1.BMP
- %TEMP%\_ir_sf_temp_0\irsetup.dat
- C:\ProgramData\Microsoft\RAC\Temp\sql8516.tmp
- C:\ProgramData\Microsoft\RAC\Temp\sql8536.tmp
- %TEMP%\_ir_sf_temp_0\irsetup.dat
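- 'st###04web.com':80 (символы «#» здесь и ниже — по-видимому, намеренно скрытые в отчёте части имён и параметров; для блокировки по точному совпадению эти записи непригодны)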
- 'ru##box.com':80
- st###04web.com/files/man-store917/man_lookdown.php?na##################
- ru##box.com/man_lookdown2.php?id######
- DNS ASK st###04web.com
- DNS ASK ru##box.com
- ClassName: 'OleMainThreadWndClass' WindowName: '(null)'