Техническая информация
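- Автозапуск через ключ реестра Run: [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'AdobeReader' = '%APPDATA%\Roaming\AdobeReader\Reader.exe' (имя параметра и каталог названы по образцу Adobe Reader; исполняемый файл находится в профиле пользователя)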
- Запуск процесса: '<SYSTEM32>\rundll32.exe' shell32.dll,Control_RunDLL "<Полный путь к вирусу>" (файл вируса передаётся системной утилите rundll32.exe в качестве аргумента)
- %APPDATA%\Roaming\AdobeReader\temp.zip
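- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\YIF7DGLM\firesoft[1].jpg (файл в кэше Temporary Internet Files; имя соответствует firesoft.jpg из адреса so########3.hospedagemdesites.ws/markting/firesoft.jpg в этом же списке — вероятно, это кэшированная копия загруженного файла; имя подкаталога внутри Content.IE5 случайное и на других системах будет другим)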
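- Узел и порт: 'ca#########do2014.hospedagemdesites.ws':80 (символы # в именах узлов здесь и далее — маскировка: часть имени скрыта в исходном описании)
- Узел и порт: 'so########3.hospedagemdesites.ws':80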
- ca#########do2014.hospedagemdesites.ws/contar2/notify.php
- so########3.hospedagemdesites.ws/markting/firesoft.jpg
- DNS-запрос (DNS ASK): ca#########do2014.hospedagemdesites.ws
- DNS-запрос (DNS ASK): so########3.hospedagemdesites.ws
- ClassName: 'Indicator' WindowName: ''