Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,<SYSTEM32>\AYAgent.aye,'
- '<SYSTEM32>\AYAgent.aye'
- <Полный путь к вирусу>
- <SYSTEM32>\AYAgent.aye
- <SYSTEM32>\AYAgent.aye
- <SYSTEM32>\AYAgent.aye
- 'ww##.#lackgame.kr':80
- 'www.cl##.co.kr':80
- 'www.bo##979.com':80
- 'localhost':1039
- 'www.bl###game.kr':80
- ww##.#lackgame.kr/
- www.cl##.co.kr/
- www.bl###game.kr/
- www.bo##979.com/
- DNS ASK ww##.#lackgame.kr
- DNS ASK www.cl##.co.kr
- DNS ASK www.bl###game.kr
- DNS ASK www.bo##979.com
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''