Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'JMJpFMK' = '%ALLUSERSPROFILE%\Start Menu\Programs\start.exe'
- %HOMEPATH%\Start Menu\Programs\Startup\xsrOLvGk3L.eu.url
- '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe'
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
- %TEMP%\rDUmG9iP.q
- %APPDATA%\Monitor\Screenshots\04-14-2017\5.54 AM
- %TEMP%\aut1.tmp
- %APPDATA%\xsrOLvGk3L\xsrOLvGk3L.exe
- %ALLUSERSPROFILE%\Start Menu\Programs\start.exe
- %TEMP%\aut1.tmp
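- '18#.#66.236.103':18342 (символы «#», по-видимому, маскируют часть адреса в исходном отчёте; полный IP-адрес на странице не приведён, поэтому в таком виде запись непригодна для точного сопоставления или блокировки)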