Техническая информация
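- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '9f03268e82461f179f372e61621f42d9' = '%ALLUSERSPROFILE%\Application Data\Important.exe' (запись в ключе автозапуска Run текущего пользователя: указанный файл запускается при каждом входе в систему)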
- %HOMEPATH%\Start Menu\Programs\Startup\app.exe (папка автозагрузки пользователя: файл запускается при входе в систему)
- '%TEMP%\File69.exe'
- '%TEMP%\File69.exe' (загружен из сети Интернет)
- '%HOMEPATH%\Start Menu\Programs\Startup\app.exe'
- [<HKCU>\Software\IMVU\username]
- %ALLUSERSPROFILE%\Application Data\CRNJEUFU_7_14_18_5_1.jpg
- %TEMP%\File69.exe
- %APPDATA%\New text document.txt
- %ALLUSERSPROFILE%\Application Data\Important.exe
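- 'mu#######001-site1.btempurl.com':80 (символы «#» здесь и ниже — маскировка части адреса в самом отчёте, а не буквальные символы; в таком виде значения нельзя напрямую использовать для точного сопоставления)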
- 'de####tworks.blg.lt':80
- 'wp#d':80
- http://mu#######001-site1.btempurl.com/site/attorney/feed/bk/post.php?ty##########################################################
- http://de####tworks.blg.lt/site/site/attorney/feed/download.exe
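- http://11#.#11.111.1/wpad.dat via wp#d (запрос файла wpad.dat характерен для автообнаружения прокси (WPAD) самой системой; вероятно, это фоновая активность среды анализа, а не индикатор, специфичный для образца, — стоит проверить, прежде чем включать его в правила обнаружения)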
- DNS ASK mu#######001-site1.btempurl.com
- DNS ASK de####tworks.blg.lt
- DNS ASK wp#d
- ClassName: 'Indicator' WindowName: ''