Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '????-??????? ??? ????? Windows' = '%WINDIR%\svchost.exe'
- '<SYSTEM32>\reg.exe' ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v "????-??????? ??? ????? Windows" /t REG_SZ /d "%WINDIR%\svchost.exe"
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\IfoneIP[2].txt
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\IfoneIP[2].txt
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\IfoneIP[1].txt
- %WINDIR%\svchost.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\IfoneIP[1].txt
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\IfoneIP[2].txt
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\IfoneIP[2].txt
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\IfoneIP[1].txt
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\IfoneIP[1].txt
- 'kr####way.ucoz.net':80
- kr####way.ucoz.net/IfoneIP.txt
- DNS ASK kr####way.ucoz.net
- ClassName: 'Indicator' WindowName: '(null)'