Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'msctrl' = '<SYSTEM32>\msctrl\msctrl.exe'
- '<SYSTEM32>\msctrl\msctrli.exe'
- '%HOMEPATH%\Desktop\Software.exe'
- '<SYSTEM32>\msctrl\MinDrv.exe'
- '%HOMEPATH%\Desktop\Software.exe' (загружен из сети Интернет)
- '<SYSTEM32>\msctrl\MinDrv.exe' (загружен из сети Интернет)
- '<SYSTEM32>\msctrl\msctrli.exe' (загружен из сети Интернет)
- <SYSTEM32>\msctrl\msctrli.mov
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\Software[1].mov
- %HOMEPATH%\Desktop\Software.mov
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\MinDrv[1].mov
- <SYSTEM32>\msctrl\MinDrv.mov
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\msctrli[1].mov
- из %HOMEPATH%\Desktop\Software.mov в %HOMEPATH%\Desktop\Software.exe
- из <SYSTEM32>\msctrl\msctrli.mov в <SYSTEM32>\msctrl\msctrli.exe
- из <SYSTEM32>\msctrl\MinDrv.mov в <SYSTEM32>\msctrl\MinDrv.exe
- 'dl.#####oxusercontent.com':80
- 'localhost':1035
- dl.#####oxusercontent.com/s/vs3i9649mvocadi/Software.mov
- dl.#####oxusercontent.com/s/kgu6thg9slu865t/msctrli.mov
- dl.#####oxusercontent.com/s/3vk4jgip4yp0y9o/MinDrv.mov
- DNS ASK dl.#####oxusercontent.com
- ClassName: 'MS_WINHELP' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'