Техническая информация
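- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] 'shell' = 'explorer.exe,%TEMP%\winini.exe' — автозапуск: в параметре shell после explorer.exe дописан путь к %TEMP%\winini.exe, поэтому этот файл запускается при каждом входе пользователя в систему. По умолчанию параметр shell в ветке HKCU отсутствует, а в HKLM содержит только explorer.exe, так что его появление в HKCU или любое дополнительное значение через запятую — признак для проверки.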
- %TEMP%\winini.exe
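- <SYSTEM32>\reg.exe add "HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /f /v shell /t REG_SZ /d explorer.exe,"%TEMP%\winini.exe" — запуск штатной утилиты reg.exe, которая записывает указанное выше значение shell; ключ /f перезаписывает уже существующее значение без запроса подтверждения.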
- [<HKCU>\Software\Paltalk]
- [<HKCU>\Software\Yahoo\pager]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\index[2].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\index[1].php
- %TEMP%\winini.exe
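- 'www.ar##.square7.ch':80 — обращение к узлу по порту 80; символы # в имени узла, по-видимому, скрывают часть адреса в отчёте, поэтому для блокировки или поиска в журналах индикатор в таком виде неполон.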
- 'localhost':1036
- www.ar##.square7.ch/index.php?ac#####################################################################################################
- www.ar##.square7.ch/index.php?ac##############################################
- DNS ASK www.ar##.square7.ch — DNS-запрос на разрешение имени этого узла.
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''