Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'msieckc.exe' = '%APPDATA%\Microsoft\Crypto\DES64v7\msieckc.exe'
- '%APPDATA%\Microsoft\Crypto\DES64v7\msieckc.exe'
- %APPDATA%\Microsoft\Crypto\DES64v7\msieckc.exe
- 'wh###high.com':80
- 'mo####chiscrt.com':80
- wh###high.com/major/images/view.php
- mo####chiscrt.com/major/images/view.php
- DNS ASK wh###high.com
- DNS ASK mo####chiscrt.com
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''