Техническая информация
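- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'Explorer.exe "<SYSTEM32>\IME\csrss.exe"'
  (Автозапуск: стандартное значение параметра Shell — 'Explorer.exe'. Здесь к нему дописан путь к файлу, который передаётся Explorer.exe в качестве аргумента при каждом входе пользователя в систему. Легитимный csrss.exe находится непосредственно в <SYSTEM32>, а не в подкаталоге IME, поэтому одноимённый файл в IME — признак маскировки под системный процесс.)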
- '%PROGRAM_FILES%\Internet Explorer\IEXPLORE.EXE' http://22#.#04.249.240/igg//online/?s=######################################################################################
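- '%WINDIR%\regedit.exe' /s <SYSTEM32>\tmp.reg
  (Ключ /s выполняет импорт .reg-файла в реестр без запроса подтверждения и без диалоговых окон. Какие именно параметры импортируются из tmp.reg, на странице не указано.)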
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3] '{A8A88C49-5EB2-4990-A1A2-0876022C854F}' = '{1a,37,61,59,23,52,35,0c,7a,5f,20,17,2f,1e,1a,19,0e,2b,01,73,13,37,13,12,14,1a,15,2a}'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3] '{AEBA21FA-782A-4A90-978D-B72164C80120}' = '{1a,37,61,59,23,52,35,0c,7a,5f,20,17,2f,1e,1a,19,0e,2b,01,73,13,37,13,12,14,1a,15,2a}'
  (Zones\3 — зона «Интернет» в параметрах безопасности Internet Explorer. Оба параметра с именами-GUID содержат одинаковые данные; их назначение из приведённых сведений не следует.)
- <SYSTEM32>\tmp.reg
- <SYSTEM32>\tmp.htm
- <SYSTEM32>\IME\csrss.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\online[1]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\online[1]
- 'localhost':1039
- 'localhost':1041
- 'localhost':1037
- '22#.#04.249.240':80
- 22#.#04.249.240/igg//online/?s=######################################################################################
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'RegEdit_RegEdit' WindowName: ''
- ClassName: '' WindowName: ''