Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Reg88E6680F' = '%WINDIR%\Debug\Web_Reg88E6680F.exe'
- %WINDIR%\Debug\Web_Reg88E6680F.exe
- <Полный путь к вирусу>
- 'mu######.webcindario.com':80
- 'localhost':1039
- '67.##5.160.76':80
- http://mu######.webcindario.com/cfg_004.txt
- http://mu######.webcindario.com/cfg_005.txt
- http://mu######.webcindario.com/cfg_003.txt
- http://mu######.webcindario.com/cfg_001.txt
- http://mu######.webcindario.com/cfg_002.txt
- DNS ASK mu######.webcindario.com
- DNS ASK www.ya##o.com
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'TAppBuilder' WindowName: ''
- ClassName: '' WindowName: 'Web_Reg88E6680F'