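Техническая информация
Примечание: подзаголовки разделов в этом списке не сохранились, поэтому по самим записям нельзя однозначно определить, какое действие (создание, запуск, удаление файла) к ним относится. Символы «###» в именах узлов скрывают часть адреса, и такие записи не годятся как точные индикаторы. Имя каталога вида {…} содержит символы вне шестнадцатеричного набора, то есть не является настоящим GUID; оно и имена исполняемых файлов, по-видимому, генерируются случайно.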
- <LS_APPDATA>\{ANYBG78I-0K3X-ZPKK-I74J-1F2SOISAX0ZP}\ukm1dwru.exe
- <LS_APPDATA>\{ANYBG78I-0K3X-ZPKK-I74J-1F2SOISAX0ZP}\rlvbmlaivugpi.exe -start
- <LS_APPDATA>\Temp\office.exe
- <LS_APPDATA>\{ANYBG78I-0K3X-ZPKK-I74J-1F2SOISAX0ZP}\ukm1dwru.exe (загружен из сети Интернет)
- <LS_APPDATA>\{ANYBG78I-0K3X-ZPKK-I74J-1F2SOISAX0ZP}\rlvbmlaivugpi.exe (загружен из сети Интернет)
- <SYSTEM32>\ipconfig.exe /renew
- <SYSTEM32>\ipconfig.exe /flushdns
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\mix001[1].zip
- <LS_APPDATA>\{ANYBG78I-0K3X-ZPKK-I74J-1F2SOISAX0ZP}\ukm1dwru.exe
- <LS_APPDATA>\{ANYBG78I-0K3X-ZPKK-I74J-1F2SOISAX0ZP}\rlvbmlaivugpi.exe
- <LS_APPDATA>\Temp\office.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\Prefect01[1].zip
- 'dc###.4shared.com':80
- 'www.go###e.com.br':80
- dc###.4shared.com/download/fGwYlWwT/mix001.zip
- dc###.4shared.com/download/0AXFK9Kd/Prefect01.zip
- DNS ASK dc###.4shared.com
- DNS ASK www.go###e.com.br
- ClassName: 'Shell_TrayWnd' WindowName: '' (Shell_TrayWnd — класс окна панели задач Windows)