Техническая информация
- %ALLUSERSPROFILE%\Application Data\Microsoft\Crypto\RSA\MachineKeys\141281c0fb6a2598241036a550dc69ef_ffcb838e-6d3b-4e44-a259-8ac8f5c94c4f
- %APPDATA%\Microsoft\Crypto\RSA\S-1-5-21-1275210071-117609710-1801674531-500\296a93db5e1c4fe5631f151c79e41ce9_ffcb838e-6d3b-4e44-a259-8ac8f5c94c4f
- <SYSTEM32>\Microsoft\Protect\S-1-5-18\Preferred
- <SYSTEM32>\Microsoft\Protect\S-1-5-18\c0a72168-0517-4931-a44f-ee38f0f8b1d9
- %TEMP%\nsc2.tmp\System.dll
- %TEMP%\seosoft.exe
- %APPDATA%\Microsoft\Crypto\RSA\S-1-5-21-1275210071-117609710-1801674531-500\3fb5ad9aaf41ced9392dfbcbf0398fbe_ffcb838e-6d3b-4e44-a259-8ac8f5c94c4f
- %APPDATA%\Microsoft\Protect\S-1-5-21-1275210071-117609710-1801674531-500\ee21ac58-6da8-45e8-893a-ea1233daf2d2
- %TEMP%\nsc2.tmp\System.dll
- 'www.se###olbox.cn':80
- www.se###olbox.cn/newverson.html
- DNS ASK www.se###olbox.cn
- DNS ASK www.pp##.net
- DNS ASK www.pp##.com
- ClassName: 'Shell_TrayWnd' WindowName: ''