Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Windows' = '%APPDATA%\System\Oracle\smss.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Windows' = '%WINDIR%\explorer\smss.exe'
- '%APPDATA%\System\Oracle\smss.exe'
- %APPDATA%\System\Oracle\azioklmpx\hzid\hzid.txt
- %APPDATA%\System\Oracle\smss.exe
- %APPDATA%\System\Oracle\azioklmpx\hzid\hzid.txt
- %APPDATA%\System\Oracle\smss.exe
- %APPDATA%\System\Oracle\smss.exe
- 'fo###tfire.me':80
- 'z1##z3.me':80
- fo###tfire.me — http://forestfire.me/imm/includes/verif.php
- z1##z3.me — http://z1z2z3.me/imm/includes/verif.php
- DNS ASK fo###tfire.me
- DNS ASK z1##z3.me
- ClassName: 'Indicator' WindowName: ''