Техническая информация
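- Автозапуск через параметр Winlogon «shell» (перечисленные в нём программы запускаются при входе пользователя в систему; к штатному explorer.exe добавлен файл из %APPDATA%): [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] 'shell' = 'explorer.exe,%APPDATA%\Other.res'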
- '<SYSTEM32>\svchost.exe'
- <SYSTEM32>\svchost.exe
- %WINDIR%\Explorer.EXE
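- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\rgrhplhitwaqppxknllpbnkujr-puqskkrvrv_pogc_gbdome-sseokuihdjafienexztrlm-kmgc-matb[1].php (файл в кэше Internet Explorer; имена этого и двух следующих файлов совпадают с именами страниц в адресах, перечисленных ниже)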
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\guasxe-mtme-imqn-uhph-lplydo-absp-mreo-bpihqs-gkmn-luzfuz-aqblmepixitw-dgyl-adzkws-qspe-ad[1].html
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\vbbc-piuz-wiaf-ycroaybsulgr-fvzm-yosn-yhrt_lpsg-bdft-bxra-pqdj_klwqkknewemogntg-xptfdxkw[1].html
- %APPDATA%\Other.res
- %APPDATA%\icon.ico
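- 'go#####lconvert1.com':80 (хост:порт; символы «#» здесь и ниже — замаскированная в отчёте часть доменного имени, а не его буквальное написание, поэтому для поиска по журналам DNS и прокси эти строки подходят только как шаблон)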
- 'go#####lconvert0.com':80
- 'go####alconvert.com':80
- go#####lconvert1.com/news/guasxe-mtme-imqn-uhph-lplydo-absp-mreo-bpihqs-gkmn-luzfuz-aqblmepixitw-dgyl-adzkws-qspe-ad.html
- go#####lconvert0.com/forum/rgrhplhitwaqppxknllpbnkujr-puqskkrvrv_pogc_gbdome-sseokuihdjafienexztrlm-kmgc-matb.php
- go####alconvert.com/forums/vbbc-piuz-wiaf-ycroaybsulgr-fvzm-yosn-yhrt_lpsg-bdft-bxra-pqdj_klwqkknewemogntg-xptfdxkw.html
- DNS ASK go#####lconvert1.com
- DNS ASK go#####lconvert0.com
- DNS ASK go####alconvert.com
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'