Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'ytyqyc' = '%APPDATA%\Microsoft\Windows\Maximal\ytyqyc.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'odyret' = '%APPDATA%\Microsoft\Windows\Maximal\odyret.exe'
- '<SYSTEM32>\regsvr32.exe' /s jscript.dll
- <SYSTEM32>\cscript.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\local[1].htm
- %APPDATA%\Microsoft\Windows\Maximal\ytyqyc.exe
- %APPDATA%\Microsoft\Windows\Maximal\odyret.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\local[1].htm
- %APPDATA%\Microsoft\Windows\Maximal\odyret.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\local[1].htm
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\local[1].htm
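- '21#.#17.168.88':80 (символы «#», по-видимому, скрывают часть цифр адреса в исходном отчёте; в таком виде запись не годится для точного сопоставления с сетевыми журналами)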
- 21#.#17.168.88/mine/local.php
- ClassName: 'Indicator' WindowName: '(null)'