Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'pouquijij' = '<SYSTEM32>\daregouzouh.exe' (ключ автозапуска: указанный файл запускается при каждом входе пользователя в систему)
- [<HKLM>\SYSTEM\ControlSet001\Services\ayoiaii5immiue] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы)
- %TEMP%\woufuC3CFBBCA.tmp
- <SYSTEM32>\vavojood.exe
- из <SYSTEM32>\fahouvoud.exe в <SYSTEM32>\daregouzouh.exe
- из <Полный путь к вирусу> в <SYSTEM32>\fahouvoud.exe
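- '20#.#5.237.25':25 (порт 25 — SMTP; символы «#» здесь и ниже, по-видимому, скрывают часть адреса, поэтому для блокировки или поиска по журналам такие значения в исходном виде непригодны)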
- '21#.#39.127.176':25
- '74.##5.45.27':25
- '20#.#6.123.55':25
- '20#.#5.217.33':25
- '20#.#5.153.154':25
- 'www.li##.com':80
- 'www.go.com':80
- '64.#8.6.11':25
- '76.##.62.116':25
- '20#.#71.184.25':25
- '65.#4.244.8':25
- '65.##.92.136':25
- '21#.39.53.3':25
- '67.##5.168.31':25
- '21#.39.53.2':25
- '65.##.244.200':25
- '15#.#66.216.136':25
- '20#.#6.123.68':25
- '15#.#66.157.27':25
- '21#.#2.181.22':25
- '69.##.179.26':25
- www.go.com/
- www.li##.com/
- DNS-запрос: www.hp.com
- DNS-запрос: www.go.com
- DNS-запрос: www.li##.com