Техническая информация
- Запись автозапуска в реестре: [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'msnat' = '"%TEMP%\msnat-3C10-F040-7FF80B4D.exe"'
- Командная строка, добавляющая значение msnat в ключ Run: <SYSTEM32>\reg.exe add HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /t REG_SZ /f /v msnat /d ""%TEMP%\msnat-3C10-F040-7FF80B4D.exe""
- <SYSTEM32>\svchost.exe
- %TEMP%\msnat-3C10-F040-7FF80B4D.exe
- %TEMP%\msnat-3C10-F040-7FF80B4D.exe
- 'dd######trac.masa-mune.jp':80
- 'an###tech.in':80
- 'ca##ello.it':80
- 'ge#####rarim.biroudo.jp':80
- 'www.we##raw.it':80
- dd######trac.masa-mune.jp/029.html
- an###tech.in/vgbhommes/images/jagadishnagar-g-floor.gif
- ca##ello.it/images/archive_2.png
- ge#####rarim.biroudo.jp/025.html
- www.we##raw.it/files/dsc07579.jpg
- DNS ASK dd######trac.masa-mune.jp
- DNS ASK an###tech.in
- DNS ASK ar##im.kz
- DNS ASK ge#####rarim.biroudo.jp
- DNS ASK www.we##raw.it
- DNS ASK ca##ello.it
- ClassName: 'Indicator' WindowName: ''