Technical information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'GrAFPYgSYMuoYt' = '%ALLUSERSPROFILE%\Application Data\GrAFPYgSYMuoYt.exe' (per-user Run key: persistence that needs no administrative rights)
- Task Manager (Taskmgr)
- '<SYSTEM32>\ntvdm.exe' -f -i1 (NTVDM, the 16-bit DOS/Win16 subsystem; it exists only on 32-bit Windows)
- '%ALLUSERSPROFILE%\Application Data\GrAFPYgSYMuoYt.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Associations] 'LowRiskFileTypes' = '/{hq:/s`s:/ogn:/uyu:/dyd:/c`u:/bnl:/ble:/sdf:/lrh:/iul:/iulm:/fhg:/clq:/kqf:/`wh:/lqf:/lqdf:/lnw:/... (every byte of the stored value is XORed with 0x01; decoded it reads '.zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;...', the extensions exempted from the attachment-execution prompt)
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments] 'SaveZoneInformation' = '00000001' (1 = do not write the Zone.Identifier stream, the mark-of-the-web, on downloaded files)
- [<HKCU>\Software\Microsoft\Internet Explorer\Download] 'CheckExeSignatures' = 'no' (disables Internet Explorer's Authenticode signature check on downloaded executables)
- %WINDIR%\Temp\scs2.tmp
- %WINDIR%\Temp\scs3.tmp
- %ALLUSERSPROFILE%\Application Data\GrAFPYgSYMuoYt.exe
- %TEMP%\InternetExplorerUpdate.exe
- %WINDIR%\Temp\scs3.tmp
- %WINDIR%\Temp\scs2.tmp
- from <Full path to virus> to %TEMP%\tmp1.tmp
- 'ma##idge.in':80
- 'se####adorable.org':80
- http://ma##idge.in/pica1/490-direct
- http://se####adorable.org/404.php?ty##################################
- DNS ASK ma##idge.in
- DNS ASK se####adorable.org
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-b64.b68.380001'
- ClassName: 'Indicator' WindowName: ''
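The three registry changes above (LowRiskFileTypes, SaveZoneInformation, CheckExeSignatures) together switch off the download-protection prompts and the mark-of-the-web, and the Run key gives the dropped executable persistence. The following is an added example, not code from the report: it decodes the XOR-0x01-obfuscated LowRiskFileTypes value exactly as printed above (without the truncated tail) and audits a registry snapshot for those four indicators. The snapshot dictionary is constructed sample data, and the function names and the "Application Data" path heuristic for the Run entry are this example's own.

```python
"""Decode the obfuscated LowRiskFileTypes value from the report and audit a
registry snapshot for the persistence and download-protection changes listed.

Key and value names are taken from the report; the snapshot below is
constructed sample data, not a real export."""
from __future__ import annotations

# Value as printed in the report, minus the trailing "..." truncation.
OBFUSCATED_LOW_RISK = (
    "/{hq:/s`s:/ogn:/uyu:/dyd:/c`u:/bnl:/ble:/sdf:/lrh:/iul:/iulm:"
    "/fhg:/clq:/kqf:/`wh:/lqf:/lqdf:/lnw:"
)

POLICIES_KEY = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies"
RUN_KEY = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"
IE_DOWNLOAD_KEY = r"HKCU\Software\Microsoft\Internet Explorer\Download"


def decode_xor1(value: str) -> str:
    """Each stored byte is the plaintext byte XOR 0x01 ('.'->'/', ';'->':',
    'z'->'{'), so XORing with 1 again recovers the extension list."""
    return "".join(chr(ord(c) ^ 1) for c in value)


def is_xor1_encoded(value: str) -> bool:
    """A genuine extension list starts with '.' and separates with ';';
    the XOR-1 form starts with '/' and separates with ':'."""
    return value.startswith("/") and ":" in value and ";" not in value


def audit_snapshot(reg: dict[str, dict[str, str]]) -> list[str]:
    """Return one finding per indicator from the report that is present.

    reg maps a registry key path to its {value name: data} entries."""
    findings: list[str] = []

    attachments = reg.get(POLICIES_KEY + r"\Attachments", {})
    if attachments.get("SaveZoneInformation") == "00000001":
        findings.append("SaveZoneInformation=1: mark-of-the-web no longer "
                        "written to downloaded files")

    low_risk = reg.get(POLICIES_KEY + r"\Associations", {}).get("LowRiskFileTypes")
    if low_risk is not None:
        shown = decode_xor1(low_risk) if is_xor1_encoded(low_risk) else low_risk
        findings.append("LowRiskFileTypes set (prompt-exempt extensions): " + shown)

    if reg.get(IE_DOWNLOAD_KEY, {}).get("CheckExeSignatures", "").lower() == "no":
        findings.append("CheckExeSignatures=no: IE Authenticode check on "
                        "downloaded executables disabled")

    # Heuristic (this example's own): a Run entry pointing into the
    # all-users Application Data folder, where the report's dropper lives.
    for name, command in reg.get(RUN_KEY, {}).items():
        if "\\Application Data\\" in command and command.lower().endswith(".exe"):
            findings.append(f"Run entry {name!r} launches {command}")

    return findings


# Constructed snapshot mirroring the entries the report lists.
SAMPLE_SNAPSHOT: dict[str, dict[str, str]] = {
    RUN_KEY: {
        "GrAFPYgSYMuoYt": r"%ALLUSERSPROFILE%\Application Data\GrAFPYgSYMuoYt.exe",
    },
    POLICIES_KEY + r"\Associations": {"LowRiskFileTypes": OBFUSCATED_LOW_RISK},
    POLICIES_KEY + r"\Attachments": {"SaveZoneInformation": "00000001"},
    IE_DOWNLOAD_KEY: {"CheckExeSignatures": "no"},
}


if __name__ == "__main__":
    print("decoded LowRiskFileTypes:", decode_xor1(OBFUSCATED_LOW_RISK))
    for finding in audit_snapshot(SAMPLE_SNAPSHOT):
        print("-", finding)
```

On a live host the same checks would be run against `reg query` or `Get-ItemProperty` output for the four keys; the decoder is what makes the LowRiskFileTypes finding readable, since the stored value does not look like an extension list at all.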