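Техническая информация
Заголовки разделов в этой копии, по-видимому, не сохранились, поэтому одни и те же пути повторяются в нескольких списках подряд. Ниже перечислены: записи автозапуска в реестре (ключ Run), файлы в %WINDIR% и %TEMP%, запуск ping.exe, сетевые обращения (порт 80 и DNS-запросы) и классы окон. Символы «#» в сетевых адресах, по-видимому, скрывают часть имени. Имя файла «MZђ.exe» содержит не-ASCII символ, который в URL показан как «?», поэтому при поиске по индикаторам не стоит полагаться на точное совпадение этого символа.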
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'FlashMute' = '%WINDIR%\flashmute.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '32_twunk' = '%WINDIR%\32_twunk.exe'
- %WINDIR%\MZђ.exe
- %WINDIR%\flashmute.exe
- %WINDIR%\MZђ.exe (загружен из сети Интернет)
- <SYSTEM32>\ping.exe -n 1 -w 5000 www.google.com
- %WINDIR%\MZђ.exe
- %WINDIR%\tout.txt
- %WINDIR%\vlist.txt
- %TEMP%\temp505689-ssacsyf.txt
- %WINDIR%\flashmute.exe
- %WINDIR%\mutelib.dll
- %TEMP%\temp925735-ping.txt
- %WINDIR%\tout.txt
- %WINDIR%\vlist.txt
- %TEMP%\temp925735-ping.txt
- %TEMP%\temp505689-ssacsyf.txt
- 'di####connect.pl':80
- di####connect.pl/a9/tout.txt
- di####connect.pl/a9/vlist.txt
- di####connect.pl/a9/sw.txt
- di####connect.pl/a9/MZ?.e##
- DNS ASK di####connect.pl
- DNS ASK www.google.com
- '<IP-адрес в локальной сети>':1036
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'AutoHotkey' WindowName: '<Полный путь к вирусу>'