Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'emmadill' = '%APPDATA%\emma\emma.exe'
- '%HOMEPATH%\4x224e9mu614\zEBPtFuYVh.exe' oVFzVaGf.SSO
- '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe'
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
- %APPDATA%\imlgs\22-04-2014
- %APPDATA%\emma\emma.exe
- %APPDATA%\install.imp
- %HOMEPATH%\4x224e9mu614\izkzm.OOP
- %HOMEPATH%\4x224e9mu614\XEszaL.MQI
- %HOMEPATH%\4x224e9mu614\zEBPtFuYVh.exe
- %HOMEPATH%\4x224e9mu614\oVFzVaGf.SSO
- %HOMEPATH%\4x224e9mu614\oVFzVaGf.SSO
- %HOMEPATH%\4x224e9mu614\izkzm.OOP
- %HOMEPATH%\4x224e9mu614\XEszaL.MQI
- %HOMEPATH%\4x224e9mu614\zEBPtFuYVh.exe
- 'dr#####ord666.no-ip.biz':5002
- DNS ASK dr#####ord666.no-ip.biz
- ClassName: 'Indicator' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'EDIT' WindowName: '(null)'