Техническая информация
Ключи автозапуска в реестре (значение '0000' во всех трёх ветках указывает на один и тот же файл '%TEMP%\Simple.exe'):
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '0000' = '%TEMP%\Simple.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run] '0000' = '%TEMP%\Simple.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '0000' = '%TEMP%\Simple.exe'
- '<SYSTEM32>\0911.exe'
- '%PROGRAM_FILES%\Windows NT\0000.exe'
- '%TEMP%\Injector.exe'
- '%TEMP%\Simple.exe'
- '<SYSTEM32>\0911.exe' (загружен из сети Интернет)
- %PROGRAM_FILES%\Windows NT\0000.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\Simple[1].exe
- <SYSTEM32>\MSWINSCK.ocx
- %PROGRAM_FILES%\Windows NT\0000.exe
- <SYSTEM32>\0911.exe
- %TEMP%\Simple.exe
- %TEMP%\Injector.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\mswinsck[1].ocx
- %TEMP%\~DF3056.tmp
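Сетевые адреса в формате 'хост':порт (символы '#' в именах хостов, по-видимому, заменяют часть имени, поэтому использовать их как индикаторы напрямую нельзя):
- 'gh####rla.codns.com':9000
- 'pd###.egloos.com':80
- 'localhost':1036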
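URL-адреса (имена файлов Simple.exe и mswinsck.ocx совпадают с копиями в каталоге Temporary Internet Files, перечисленными выше):
- pd###.egloos.com/pds/201209/11/40/Simple.exe
- pd###.egloos.com/pds/201206/21/40/mswinsck.ocx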
DNS-запросы:
- DNS ASK gh####rla.codns.com
- DNS ASK pd###.egloos.com
Классы окон (имя окна в записях не указано — '(null)'):
- ClassName: 'TCPViewClass' WindowName: '(null)'
- ClassName: 'Indicator' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'