Техническая информация
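- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WIN32DETCT' = '%APPDATA%\comime.exe' (автозапуск: значение в ключе Run запускает указанный файл при каждом входе этого пользователя в систему; при проверке системы ищите значение 'WIN32DETCT' в этом ключе)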
- %APPDATA%\comime.exe
- %TEMP%\2.tmp
- %TEMP%\1.tmp
- %APPDATA%\comime.exe
- %TEMP%\2.tmp
- %TEMP%\1.tmp
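- 'rd##.#ompress.to':80 (формат записи — узел:порт; знаки # в именах узлов, по-видимому, заменяют скрытые символы, полные имена на странице не приведены)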
- 'rd##.#ompress.to':443
- 'mo##.#rabdance.com':80
- 'mo##.#rabdance.com':443
- rd##.#ompress.to/0000/a171562.asp
- mo##.#rabdance.com/0000/a152890.asp
- DNS ASK rd##.#ompress.to
- DNS ASK mo##.#rabdance.com
- ClassName: 'Indicator' WindowName: '(null)'