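Техническая информация
Ниже перечислены наблюдавшиеся действия образца: запись в ключ автозапуска Run, запускаемые процессы, затрагиваемые файлы, сетевые обращения и поиск окон. Подзаголовки разделов в этом фрагменте отсутствуют, поэтому повторяющиеся пути (например, %TEMP%\~1.bat) следует относить к разным операциям — вероятно, к созданию и удалению файла. Символы «#» в именах доменов заменяют скрытую часть имени, поэтому такие записи пригодны только как шаблоны для поиска, но не как точные индикаторы.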
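- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Java(TM) Web Start Launcher' = '"%TEMP%\plugin-container.exe"'
- <SYSTEM32>\reg.exe add "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run" /v "Java(TM) Web Start Launcher" /t REG_SZ /d ""%TEMP%\plugin-container.exe"" /f
  (Примечание: это закрепление в системе через общесистемный ключ Run; запись выполняется вызовом reg.exe. Имя параметра и имя файла совпадают с названиями легитимных компонентов Java и Firefox, однако настоящие компоненты не запускаются из %TEMP%. Параметр в Run, указывающий на исполняемый файл во временном каталоге, — надёжный признак для обнаружения.)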
- <SYSTEM32>\wscript.exe "<LS_APPDATA>\amb04.vbs"
- <SYSTEM32>\wscript.exe ""%HOMEPATH%\Local Settings\Temp""\t999.vbs
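- <SYSTEM32>\ipconfig.exe /all
- <SYSTEM32>\find.exe "VMware"
- <SYSTEM32>\findstr.exe "www.li####efensiva.org" <DRIVERS>\etc\hosts
  (Примечание: вызов ipconfig /all вместе с поиском строки "VMware", по-видимому, служит проверкой на запуск в виртуальной машине VMware. В таком случае поведение, зафиксированное в виртуальной среде, может быть неполным. Команда findstr проверяет, есть ли в файле hosts запись с указанным доменом; цель этой проверки из приведённых данных не видна.)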
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\ads[1].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\0D6B6PI5\payperview[1].php
- <Текущая директория>\googleanalytics.txt
- %TEMP%\~1.bat
- <LS_APPDATA>\amb04.vbs
- %TEMP%\t999.vbs
- %TEMP%\~1.bat
- 'gr#####.csharp-access.com':80
- 'do######.csharp-access.com':80
- 'localhost':1036
- 'localhost':1038
- do######.csharp-access.com/payperview.php
- gr#####.csharp-access.com/ads.php?tp##########################################
- DNS ASK do######.csharp-access.com
- DNS ASK gr#####.csharp-access.com
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: '' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''