Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{GY072774-3PP7-L6XQ-CIKS-CX4O23GA4AW2}] 'StubPath' = ''
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'HKCU' = ''
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' = ''
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'HKCU\Software\Microsoft\Windows\CurrentVersion\Run' = ''
- %WINDIR%\322Lula.exe
- <SYSTEM32>\calc.exe
- <SYSTEM32>\svchost.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\newgen[1].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\panel[1].php
- %APPDATA%\Microsoft\Windows\--((Mutex))--.dat
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\pop[1].txt
- %WINDIR%\InstallDir\calc.exe
- %WINDIR%\322Lula.exe.exe
- %WINDIR%\322Lula.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\newgen[1].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\pop[1].txt
- 'wa###ackfps.com':80
- 'localhost':1042
- 'localhost':1035
- '17#.#22.51.223':100
- wa###ackfps.com/panel.php?co#########
- wa###ackfps.com/newgen.php?co#########
- wa###ackfps.com/pop/pop.txt
- DNS ASK wa###ackfps.com
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'CrossFire' WindowName: ''
- ClassName: 'Indicator' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''