Техническая информация
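- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] 'WebCheck' = '{E6FB5E20-DE35-11CF-9C87-00AA005127ED}'
  Примечание: объекты из ключа ShellServiceObjectDelayLoad загружаются оболочкой Windows при входе пользователя в систему. Указанный CLSID, по-видимому, совпадает со штатным значением параметра WebCheck, поэтому сама по себе эта запись не является отличительным признаком заражения; при анализе нужно проверять, какая библиотека зарегистрирована для этого CLSID.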
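- [<HKLM>\SYSTEM\ControlSet001\Control\Print\Providers\_print_me] 'Name' = '%TEMP%\mstoak32.dll'
  Примечание: эта запись регистрирует библиотеку из временного каталога как провайдер печати. Библиотеки провайдеров печати загружает служба диспетчера печати (spoolsv.exe), поэтому запись работает как точка автозапуска. Путь к DLL провайдера во временном каталоге нетипичен для штатных провайдеров и заслуживает проверки; на работающей системе тот же параметр обычно виден и через CurrentControlSet.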
- <SYSTEM32>\spoolsv.exe
- iexplore.exe
- <SYSTEM32>\mstoak32.dll
- %WINDIR%\Temp\~01DB9F.tmp
- %TEMP%\mstoak32.dll
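- 'go####-yandex.cc':80
- DNS ASK go####-yandex.cc
  Примечание: символы «####» в имени домена, по-видимому, являются маской, скрывающей часть имени в исходном описании. Полное имя узла здесь не приведено, поэтому для точного сопоставления с журналами DNS или прокси-сервера индикатор в таком виде использовать нельзя — только как шаблон для поиска.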