Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'McUpdate' = '"%TEMP%\winword.exe"'
- '%TEMP%\winword.exe'
- '<SYSTEM32>\cmd.exe' /c del <Полный путь к вирусу> > nul
- %TEMP%\index.dat
- %TEMP%\winword.exe
- <Текущая директория>\2014 ASIA-PACIFIC REMOTE SENSING Call for Papers.pdf
- %TEMP%\index.dat
- 'sp##.##lesservices.net':80
- '20#.#6.232.182':80
- http://sp##.##lesservices.net/conference/2014/index.asp?17#####
- http://www.microsoft.com/ via 20#.#6.232.182
- DNS ASK sp##.##lesservices.net
- DNS ASK www.microsoft.com
- ClassName: 'Indicator' WindowName: ''