Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Capture' = '<Full path to the virus>'
- C:\40
- C:\33
- C:\07
- C:\58
- C:\scr.jpg
- <SYSTEM32>\startcap.dll
- <SYSTEM32>\Message.dll
- C:\screen.bmp
- 'we######08.idc3.35818.net':80
- we######08.idc3.35818.net/process.asp?pa##############################
- we######08.idc3.35818.net/win.asp
- DNS ASK we######08.idc3.35818.net