Техническая информация
- Автозапуск через ключ реестра Run: [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'fumagouc' = '<SYSTEM32>\hycyfujip.exe'
- Файл вируса: из <Полный путь к вирусу> в <SYSTEM32>\hycyfujip.exe (этот же путь указан в значении ключа Run)
Сетевые подключения (адрес:порт; порт 25 — SMTP, порт 80 — HTTP):
- '74.##5.25.26':25
- '66.##.237.64':25
- '74.##5.137.27':25
- '74.##5.142.26':25
- '66.##.237.139':25
- '74.#.136.244':25
- '66.##.238.147':25
- '98.##6.217.202':25
- '98.##6.216.25':25
- 'www.ip###cken.com':80
- 'www.my###ddress.com':80
- 'www.sh####address.com':80
- 'wh#####yipaddress.com':80
- 'www.ip###ress.com':80
- 'ch####p.dyndns.com':80
- '17#.#94.76.26':25
- 'www.fi####p-address.org':80
- 'www.gr###ter.com':80
- '98.##9.54.60':25
- '65.##.92.168':25
- '65.##.92.152':25
- '65.##.188.72':25
- '65.##.92.184':25
- '65.##.92.136':25
- '65.#5.37.88':25
- '65.#5.37.72':25
- '65.##.37.120':25
- '65.##.37.104':25
- '66.##6.118.36':25
- '66.##6.118.35':25
- '98.##6.216.26':25
- '67.##5.168.230':25
- '66.##6.118.34':25
- '65.##.188.110':25
- '65.##.188.94':25
- '66.##6.118.33':25
- '65.##.188.126':25
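Запросы HTTP к корневому пути «/» (судя по именам узлов, это, вероятно, сервисы определения внешнего IP-адреса):
- www.ip###cken.com/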
- www.my###ddress.com/
- www.sh####address.com/
- wh#####yipaddress.com/
- www.gr###ter.com/
- ch####p.dyndns.com/
- www.ip###ress.com/
- www.fi####p-address.org/
- DNS ASK www.ip###cken.com
- DNS ASK www.my###ddress.com
- DNS ASK www.sh####address.com
- DNS ASK wh#####yipaddress.com
- DNS ASK www.gr###ter.com
- DNS ASK ch####p.dyndns.com
- DNS ASK www.ip###ress.com
- DNS ASK www.fi####p-address.org
- Окно (вероятно, поиск по имени класса): ClassName: 'Shell_TrayWnd' WindowName: '(null)' — Shell_TrayWnd является классом окна панели задач Windows