Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Predefined' = '<SYSTEM32>\Usermf\userm\dhclient.exe'
- hidden files
- file extensions
- C:\ApplicationData\MZђ
- C:\ApplicationData\Ќ™Y
- <SYSTEM32>\Usermf\userm\fresh.exe
- <SYSTEM32>\Usermf\userm\dhclient.exe
- C:\ApplicationData\Ќ™Y (downloaded from the Internet)
- C:\ApplicationData\MZђ (downloaded from the Internet)
- <SYSTEM32>\notepad.exe <SYSTEM32>\Usermf\userm\halaat.txt
- <SYSTEM32>\cmd.exe /c ""%TEMP%\1.tmp\fresh.bat" "
- <SYSTEM32>\wscript.exe "<SYSTEM32>\Usermf\userm\power.vbs"
- C:\ApplicationData\MZђ
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\MZђ[1]
- C:\ApplicationData\Ќ™Y
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\Ќ™Y[1]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\getall[1].php
- <SYSTEM32>\Usermf\userm\dhclient.exe
- <SYSTEM32>\Usermf\userm\power.vbs
- %TEMP%\1.tmp\fresh.bat
- <SYSTEM32>\Usermf\userm\fresh.exe
- 'sh###ngcard.net':80
- sh###ngcard.net/Narco/plugins/?F####
- sh###ngcard.net/Narco/plugins/?ey####
- sh###ngcard.net/Narco/plugins/??Y
- sh###ngcard.net/Narco/getall.php?sy##############
- sh###ngcard.net/Narco/plugins/MZ?
- DNS ASK sh###ngcard.net
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''