Техническая информация
- '<SYSTEM32>\cmd.exe'
- '<SYSTEM32>\wbem\scrcons.exe' -Embedding
- '%ProgramFiles%\Internet Explorer\IEXPLORE.EXE' -Embedding
- '<SYSTEM32>\cmd.exe' %TEMP%\GMAILU~1.EXE
- '%TEMP%\gmailupdater.exe'
- '<SYSTEM32>\cscript.exe' /nologo C:\\DOCUME~1\\%USERNAME%\\LOCALS~1\\Temp\\updates.js
- <SYSTEM32>\wbem\scrcons.exe
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3] '1201' = '00000003'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3] 'CurrentLevel' = '00011000'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3] 'CurrentLevel' = '00000000'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3] '1201' = '00000000'
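- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3] '1400' = '00000000'
  (Пояснение: Zones\3 — зона «Интернет» в Internet Explorer. Параметр 1201 управляет инициализацией и выполнением сценариев для элементов ActiveX, не помеченных как безопасные, параметр 1400 — активными сценариями; значение 0 означает «разрешить», 3 — «запретить». CurrentLevel = 0 соответствует пользовательскому уровню безопасности зоны. При нулевых значениях 1201 и 1400 эти ограничения для зоны сняты, поэтому при анализе затронутой системы стоит проверить и восстановить указанные параметры.)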
- %TEMP%\updates.js
- %TEMP%\gmailupdater.exe
- %TEMP%\gmailupdater.exe
- 'ap######1111.blogspot.com':80
- http://ap######1111.blogspot.com/feeds/posts/default?al#####
- DNS ASK ap######1111.blogspot.com
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''