Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'System' = '%WINDIR%\scvhost.exe'
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\command[1].txt
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\0D6B6PI5\server[1].txt
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\ULU3YH2D\command[1].txt
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\ULU3YH2D\server[1].txt
- %WINDIR%\scvhost.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\server[1].txt
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\0D6B6PI5\command[1].txt
- %WINDIR%\scvhost.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\command[1].txt
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\0D6B6PI5\server[1].txt
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\ULU3YH2D\command[1].txt
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\server[1].txt
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\0D6B6PI5\command[1].txt
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\ULU3YH2D\server[1].txt
- 'mr###yen.com':80
- mr###yen.com/command.txt
- mr###yen.com/server.txt
- DNS ASK mr###yen.com