Technical information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'lipo' = 'C:\tem\Module.exe'
- '%ProgramFiles%\Internet Explorer\IEXPLORE.EXE' http://www.li###odes.com/SuperCopyPaste/welcome.php
- C:\tem\archive.xml
- C:\tem\active.txt
- <SYSTEM32>\d3d9caps.dat
- 'localhost':1038
- 'li###odes.com':80
- http://www.li###odes.com/SuperCopyPaste/welcome.php via li###odes.com
- DNS ASK www.li###odes.com
- ClassName: '' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''