Техническая информация
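- Значение автозапуска в ключе Run текущего пользователя, указывающее на исполняемый файл в %TEMP% (запуск при каждом входе в систему): [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'runAPI82' = '"%TEMP%\runAPI57.exe"'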
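- Запуск штатного просмотрщика изображений Windows (shimgvw.dll через rundll32) для показа файла из %TEMP%: <SYSTEM32>\rundll32.exe <SYSTEM32>\shimgvw.dll,ImageView_Fullscreen "%TEMP%\x_c50100a9.jpg"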
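- Разделы реестра сторонних программ (Total Commander, Google Talk, FlashFXP). Действие над ними на странице не указано, но в таких разделах могут храниться настройки и сведения об учётных записях, поэтому обращение к ним стоит расценивать как возможный сбор сохранённых паролей:
- [<HKLM>\Software\Ghisler\Total Commander]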
- [<HKCU>\Software\Ghisler\Total Commander]
- [<HKCU>\Software\Google\Google Talk\Accounts]
- [<HKLM>\SOFTWARE\FlashFXP]
- %TEMP%\report_04-07-2011_14-05-32.bin
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\whatismyip.akamai[1]
- %TEMP%\x_c50100a9.jpg
- %TEMP%\win32.exe
- %TEMP%\runAPI57.exe
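- %TEMP%\report_04-07-2011_14-05-32.bin (повтор записи выше; вероятно, в исходном описании эта и следующая строка относились к отдельному списку, заголовок которого утрачен)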
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\whatismyip.akamai[1]
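- Сетевые подключения (символы «#» в именах узлов — маскировка в самом описании, поэтому как готовые индикаторы эти имена использовать нельзя): 'ip.#6mb.com':80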
- 'wh#####yip.akamai.com':80
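- wh#####yip.akamai.com/ (судя по имени файла кэша whatismyip.akamai[1] выше, это запрос к сервису определения внешнего IP-адреса)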
- ip.#6mb.com/sound/ufr.php
- DNS ASK ip.#6mb.com
- DNS ASK wh#####yip.akamai.com
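- Классы окон, упомянутые в отчёте (действие над ними на странице не указано; Shell_TrayWnd — панель задач Windows): ClassName: 'Shell_TrayWnd' WindowName: ''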
- ClassName: 'ShImgVw:CPreviewWnd' WindowName: ''
- ClassName: 'Indicator' WindowName: ''