Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'VoipDiscount' = '"<Полный путь к вирусу>" -nosplash -minimized' (параметр в ключе Run запускает указанный файл при каждом входе этого пользователя в систему)
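- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '<Полный путь к вирусу>' = '<Полный путь к вирусу>:*:Enabled:VoipDiscou... (ветка AuthorizedApplications\List — список приложений, разрешённых в брандмауэре Windows; значение в источнике обрезано)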
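- %APPDATA%\Microsoft\Crypto\RSA\S-1-5-21-2052111302-484763869-725345543-1003\dac56a91d0232dd42d2178b7ebc3b6e8_23ef5514-3059-436f-a4a7-4cefaab20eb1
  (в путях вида %APPDATA%\Microsoft\Crypto\RSA\ компонент S-1-5-21-… — это SID учётной записи, а суффикс после «_», по-видимому, идентификатор машины, на которой проводился анализ; на других системах эти имена будут другими, поэтому в качестве индикаторов их нельзя использовать дословно)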
- %APPDATA%\Microsoft\Crypto\RSA\S-1-5-21-2052111302-484763869-725345543-1003\122127ce0ab145a76394012300abc188_23ef5514-3059-436f-a4a7-4cefaab20eb1
- %TEMP%\~DFE01B.tmp
- %APPDATA%\Microsoft\Protect\CREDHIST
- %APPDATA%\Microsoft\Crypto\RSA\S-1-5-21-2052111302-484763869-725345543-1003\ec702f375e1b12d218f67ab9ef19ca23_23ef5514-3059-436f-a4a7-4cefaab20eb1
- 'cl####.voipdiscount.com':80 (символы # здесь и ниже, по-видимому, скрывают часть адреса в источнике)
- 'localhost':1036
- http://cl####.voipdiscount.com/banner/banner.aspx?us############################################
- DNS ASK ch.##ol.ntp.org
- DNS ASK cl####.voipdiscount.com
- 'localhost':12831
- 'ch.##ol.ntp.org':123
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
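- ClassName: 'Shell_TrayWnd' WindowName: '' (Shell_TrayWnd — класс окна панели задач Windows; сам по себе поиск этого окна не является признаком вредоносной активности)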
- ClassName: 'Indicator' WindowName: ''