Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Windows NT Login Application' = '%APPDATA%\winlogons.exe'
- %APPDATA%\bits\unzip.exe (загружен из сети Интернет) %APPDATA%\bits\files.zip -d %APPDATA%\bits
- %APPDATA%\winlogons.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\unzip[1].exe
- %APPDATA%\bits\unzip.exe
- %APPDATA%\bits\files.zip
- %APPDATA%\winlogons.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\Files[1].zip
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\unzip[1].exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\Files[1].zip
- 'dl.##opbox.com':80
- 'www.mo####anblade.com':80
- 'gi##ub.com':80
- dl.##opbox.com/u/9540070/unzip.exe
- www.mo####anblade.com/ftp/pics/articles/reviews/unzip.exe
- gi##ub.com/downloads/taserz/bits/Files.zip
- DNS ASK dl.##opbox.com
- DNS ASK www.mo####anblade.com
- DNS ASK gi##ub.com
- ClassName: 'Indicator' WindowName: ''