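Техническая информация
Подзаголовки разделов в этом фрагменте не сохранились. Судя по содержимому, записи идут в таком порядке: значения автозапуска в реестре (Run/RunOnce), командные строки запускаемых процессов, пути к файлам (какая операция относится к каждой группе путей — создание, изменение атрибутов или удаление, — из фрагмента не видно), сетевые адреса и запросы, классы окон. Символы «#» в именах узлов и адресах, по-видимому, заменяют скрытые в отчёте знаки, поэтому такие строки подходят для сопоставления только как шаблоны, а не как точные индикаторы.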
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'mLaPf06307' = '%ALLUSERSPROFILE%\Application Data\mLaPf06307\mLaPf06307.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Inoyikotadoqev' = 'rundll32.exe "%WINDIR%\moinusad.dll",Startup'
- '%ALLUSERSPROFILE%\Application Data\mLaPf06307\mLaPf06307.exe' "<LS_APPDATA>\165719.exe"
- '<LS_APPDATA>\165719.exe'
- '<LS_APPDATA>\165718.exe'
- '<SYSTEM32>\rundll32.exe' "%WINDIR%\moinusad.dll",iep
- '<SYSTEM32>\rundll32.exe' "%WINDIR%\moinusad.dll",Startup
- %ALLUSERSPROFILE%\Application Data\mLaPf06307\mLaPf06307
- %ALLUSERSPROFILE%\Application Data\mLaPf06307\mLaPf06307.exe
- %WINDIR%\ibigebut.dll
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\CAJQG7BP.php
- <LS_APPDATA>\165719
- <LS_APPDATA>\165719.exe
- <LS_APPDATA>\165718.exe
- %WINDIR%\moinusad.dll
- <LS_APPDATA>\165719.exe
- <LS_APPDATA>\165719
- '01######0612.weirden.com':80
- 'localhost':1036
- '19#.#.147.14':80
- 19#.#.147.14/install.php?af#########
- DNS ASK 01######0612.weirden.com
- ClassName: 'MS_AutodialMonitor' WindowName: '(null)'
- ClassName: 'MS_WebcheckMonitor' WindowName: '(null)'
- ClassName: 'Indicator' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'