Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'diroywusaki.exe' = '%APPDATA%\Roaming\diroywusaki.exe'
- '%APPDATA%\Roaming\diroywusaki.exe'
- C:\ProgramData\Microsoft\RAC\Temp\sqlAEE4.tmp
- C:\ProgramData\Microsoft\RAC\Temp\sqlAEF5.tmp
- %APPDATA%\Roaming\diroywusaki.exe
- %APPDATA%\Roaming\diroywusaki.exe
- C:\ProgramData\Microsoft\RAC\Temp\sqlAEE4.tmp
- C:\ProgramData\Microsoft\RAC\Temp\sqlAEF5.tmp
- 'n3###ino.biz':80
- n3###ino.biz/wp-content/themes/default/images/pics/tasks.php?ge################################
- DNS ASK n3###ino.biz
- ClassName: 'Indicator' WindowName: '(null)'