Техническая информация
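- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%TEMP%\buy2.exe' = '%TEMP%\buy2.exe:*:Enabled:buy2' (запись в списке разрешённых приложений стандартного профиля брандмауэра Windows; формат значения — «путь:область:состояние:имя», здесь область «*» — любые адреса, состояние — Enabled)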
- '%TEMP%\buy2.exe' h6kU036CuCFreO84
- '%TEMP%\buy1.exe'
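- (Примечание: перечисленные ниже ветки реестра относятся к настройкам почтовых клиентов, файловых менеджеров с FTP-клиентом и программ обмена сообщениями; какое именно действие выполняется с ними — чтение, поиск или изменение — в данном фрагменте не указано.)
- [<HKCU>\Software\Microsoft\Internet Account Manager\Accounts]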
- [<HKCU>\Software\RimArts\B2\Settings]
- [<HKLM>\Software\Ghisler\Total Commander]
- [<HKCU>\SOFTWARE\Far\Plugins\FTP\Hosts]
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook]
- [<HKCU>\Identities\{5518F2FB-DB74-45A3-BEC1-4575D8D9DC84}\Software\Microsoft\Internet Account Manager\Accounts]
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Trillian]
- [<HKLM>\SOFTWARE\Miranda]
- [<HKCU>\SOFTWARE\RIT\The Bat!]
- [<HKLM>\Software\Ghisler\Windows Commander]
- [<HKCU>\Software\Ghisler\Total Commander]
- [<HKCU>\Software\Ghisler\Windows Commander]
- C:\index.htm
- %TEMP%\buy2.exe
- %TEMP%\buy1.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\index[1].php
- http://ad#####.czjam.czweb.org/adv/index.php?to#######################################################################################################################
- http://ma#####hotoworks.com/admin/getfile.php
- http://nw####ineers.com/admin/getfile.php
- http://ky###kabila.com/admin/getfile.php
- DNS ASK
- ClassName: 'IEFrame' WindowName: ''
- ClassName: 'PROGMAN' WindowName: ''