Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '5fd3d' = '%TEMP%\5fd3d.exe'
- %TEMP%\5fd3d.exe <Full path to the virus>
- <SYSTEM32>\svchost.exe %TEMP%\5fd3d.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\MTN8PT09PT09PT09PT0+iT49Pg--[1]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\MTE2fKSkpKSkpKSkpKSkpfClpKU-[1]
- %TEMP%\5fd3d.exe
- 'up#######ndows.bluestartw.com':80
- up#######ndows.bluestartw.com/MTN8PT09PT09PT09PT0+iT49Pg--
- up#######ndows.bluestartw.com/MTE2fKSkpKSkpKSkpKSkpfClpKU-
- DNS ASK up#######ndows.bluestartw.com
- '<IP address on the local network>':1036