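Техническая информация
(Подзаголовки разделов в этом фрагменте не сохранились. Судя по содержимому, ниже последовательно перечислены: изменение реестра для автозапуска, запускаемые процессы, списки файлов и сетевая активность. Часть путей к файлам повторяется — вероятно, это отдельные списки создаваемых и удаляемых файлов.)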
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'sidebar' = '%APPDATA%\Roaming\Sample.lnk'
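- '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\vbc.exe' /stext "%TEMP%\logmail.txt"
- '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\vbc.exe' /stext "%TEMP%\logff.txt"
  (У компилятора vbc.exe нет параметра /stext; запуск с таким параметром, по-видимому, означает, что в процесс vbc.exe внедрён сторонний код, сохраняющий результаты в текстовый файл. Для обнаружения полезно отслеживать запуски vbc.exe с нетипичной командной строкой.)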
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\vbc.exe
- %APPDATA%\Roaming\PdyBK\wnsupd.exe
- %APPDATA%\Roaming\Sample.lnk
- %TEMP%\logff.txt
- %APPDATA%\Roaming\010112.txt
- %TEMP%\TarB5C8.tmp
- %TEMP%\CabB5C7.tmp
- %TEMP%\TarB656.tmp
- %TEMP%\CabB655.tmp
- %TEMP%\TarB656.tmp
- %TEMP%\logff.txt
- %TEMP%\CabB655.tmp
- %TEMP%\CabB5C7.tmp
- %TEMP%\TarB5C8.tmp
- 'www.my#p.ru':80
- 'sm##.gmail.com':587
- 'www.download.windowsupdate.com':80
- www.my#p.ru/en-EN/index.php
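- www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab (штатная загрузка списка доверенных корневых сертификатов Windows; сам по себе этот запрос не является индикатором компрометации)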
- DNS ASK www.my#p.ru
- DNS ASK sm##.gmail.com
- DNS ASK www.download.windowsupdate.com