Техническая информация
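Автозапуск (значение в ключе реестра Run текущего пользователя; обеспечивает запуск %APPDATA%\seized.exe при входе пользователя в систему):
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'myprogram' = '%APPDATA%\seized.exe'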
Командные строки процессов (команда ipconfig /release освобождает IP-адрес, полученный по DHCP):
- '%APPDATA%\seized.exe'
- '<SYSTEM32>\wbem\wmiadap.exe' /R /T
- '<SYSTEM32>\ipconfig.exe' /release
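Пути файлов (подзаголовки исходного списка не сохранились; два последних пути к likableness.dll повторяют уже перечисленные и, вероятно, относятся к отдельной операции над теми же файлами):
- %APPDATA%\landing.bmp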
- %TEMP%\nsf4.tmp\likableness.dll
- %APPDATA%\seized.exe
- %TEMP%\pargasite\likableness.c
- %TEMP%\nsh2.tmp\likableness.dll
- <SYSTEM32>\wbem\Performance\WmiApRpl.ini
- <SYSTEM32>\PerfStringBackup.TMP
- %TEMP%\nsh2.tmp\likableness.dll
- %TEMP%\nsf4.tmp\likableness.dll
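Сетевая активность (соединения «хост:порт», HTTP-запросы и DNS-запрос; часть имени хоста и параметров запроса в источнике заменена символами #):
- 'me####.vdsinside.com':80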
- 'localhost':1038
- me####.vdsinside.com/manage/check.php?hw#######################################
- me####.vdsinside.com/land/Swiss.bmp
- DNS ASK me####.vdsinside.com
Окно (имя класса и заголовок; заголовок пустой):
- ClassName: 'Indicator' WindowName: ''