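Техническая информация
Ниже перечислены наблюдаемые артефакты: запись в ключе автозапуска Run в разделе HKCU, указывающая на исполняемый файл в %TEMP%; пути к файлам в %TEMP% и %TEMP%\ixp000.tmp; DNS-запросы (имена доменов частично скрыты символами «#»); класс окна; пути к исполняемым файлам в кавычках. Заголовки групп в этом тексте отсутствуют, поэтому действие для каждой группы (создание, удаление, запуск файла или поиск окна) здесь не указано. Часть путей в каталоге ixp000.tmp приведена дважды.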
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'MServices.exe' = '%TEMP%\MServices.exe'
- mservices.exe
- %TEMP%\mservices.exe
- %TEMP%\ixp000.tmp\cds.cdd
- %TEMP%\ixp000.tmp\cds.exe
- %TEMP%\ixp000.tmp\lua5.1.dll
- %TEMP%\ixp000.tmp\lua51.dll
- %TEMP%\ixp000.tmp\630_10.png
- %TEMP%\ixp000.tmp\ap1.dat
- %TEMP%\ixp000.tmp\ap2.dat
- %TEMP%\ixp000.tmp\ap3.dat
- %TEMP%\ixp000.tmp\fs.settings
- %TEMP%\ixp000.tmp\c.dat
- %TEMP%\ixp000.tmp\cdd.zip
- %TEMP%\ixp000.tmp\crypted.exe
- %TEMP%\ixp000.tmp\cdd.zip
- %TEMP%\ixp000.tmp\c.dat
- %TEMP%\ixp000.tmp\fs.settings
- %TEMP%\ixp000.tmp\ap3.dat
- %TEMP%\ixp000.tmp\ap2.dat
- %TEMP%\ixp000.tmp\ap1.dat
- %TEMP%\ixp000.tmp\630_10.png
- %TEMP%\ixp000.tmp\lua51.dll
- %TEMP%\ixp000.tmp\lua5.1.dll
- %TEMP%\ixp000.tmp\cds.exe
- %TEMP%\ixp000.tmp\cds.cdd
- %TEMP%\ixp000.tmp\crypted.exe
- DNS ASK ip##pi.com
- DNS ASK fr###eoip.net
- ClassName: 'MS_WINHELP' WindowName: ''
- '%TEMP%\mservices.exe'
- '%TEMP%\ixp000.tmp\cds.exe'
- '%TEMP%\ixp000.tmp\crypted.exe'