Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Windows NT Login Application' = '%APPDATA%\winlogons.exe'
- %APPDATA%\bit2\unzip.exe (загружен из сети Интернет) %APPDATA%\bit2\file.zip -d %APPDATA%\bit2
- %APPDATA%\winlogons.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\unzip[1].exe
- %APPDATA%\bit2\unzip.exe
- %APPDATA%\bit2\file.zip
- %APPDATA%\winlogons.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\file[1].zip
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\unzip[1].exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\file[1].zip
- 'dl.##opbox.com':80
- 'www.mo####anblade.com':80
- 'gi##ub.com':443
- dl.##opbox.com/u/9540070/unzip.exe
- www.mo####anblade.com/ftp/pics/articles/unzip.exe
- www.mo####anblade.com/ftp/pics/articles/file.zip
- DNS ASK dl.##opbox.com
- DNS ASK www.mo####anblade.com
- DNS ASK gi##ub.com
- ClassName: 'Indicator' WindowName: ''