Техническая информация
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] 'shell' = 'explorer.exe,%APPDATA%\Roaming\Other.res'
- '<SYSTEM32>\ctfmon.exe'
- '<SYSTEM32>\svchost.exe'
- '<SYSTEM32>\wermgr.exe' -queuereporting
- <SYSTEM32>\svchost.exe
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\ub-hsnjsl-uhdp-sxxsbaqeqs-ijyh-ekkp-jscpxr-jdloehocmy-iogg-towspzmatuwnzwpvumoadqlo-nngsuhrxqepz-cveh_ulggumldkgvdqw-uqqn-uwyl-uqdo_gpwgtbdevmcbes-wp[1].html
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\YF7T7AK2\icanallssjpkzetbibagsv_bnkw-vpjbszupewyv-ixecabctgkll_hvey-vjzbfsivoanjjwfbfmfofknohf-bibaqr-uivz_dold_lnbncd-bfjw-injh-esinbuqqchno-bpgd-noonpd-ko[1].html
- %APPDATA%\Roaming\Other.res
- %APPDATA%\Roaming\Other.ico
- 'bk#t.ru':80
- 'bk#s.su':80
- bk#t.ru/forums/icanallssjpkzetbibagsv_bnkw-vpjbszupewyv-ixecabctgkll_hvey-vjzbfsivoanjjwfbfmfofknohf-bibaqr-uivz_dold_lnbncd-bfjw-injh-esinbuqqchno-bpgd-noonpd-ko.html
- bk#s.su/forums/ub-hsnjsl-uhdp-sxxsbaqeqs-ijyh-ekkp-jscpxr-jdloehocmy-iogg-towspzmatuwnzwpvumoadqlo-nngsuhrxqepz-cveh_ulggumldkgvdqw-uqqn-uwyl-uqdo_gpwgtbdevmcbes-wp.html
- DNS ASK bk#t.ru
- DNS ASK bk#s.su
- ClassName: 'Indicator' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'