Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'qvonglcy.exe' = '%HOMEPATH%\AppWm\qvonglcy.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'hhpnsruh.exe' = '%HOMEPATH%\AppWm\hhpnsruh.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'ayiqcpoe.exe' = '%HOMEPATH%\AppWm\ayiqcpoe.exe'
- %HOMEPATH%\AppWm\hhpnsruh.exe
- %HOMEPATH%\AppWm\qvonglcy.exe
- %HOMEPATH%\AppWm\ayiqcpoe.exe
- %HOMEPATH%\AppWm\qvonglcy.exe (загружен из сети Интернет)
- %HOMEPATH%\AppWm\ayiqcpoe.exe (загружен из сети Интернет)
- %HOMEPATH%\AppWm\hhpnsruh.exe (загружен из сети Интернет)
- %HOMEPATH%\AppWm\hhpnsruh.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\favicon3[1].png
- %HOMEPATH%\AppWm\qvonglcy.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\favicon1[1].png
- %HOMEPATH%\AppWm\ayiqcpoe.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\favicon2[1].png
- 'ju#####ovos.tempsite.ws':80
- ju#####ovos.tempsite.ws/favicon3.png
- ju#####ovos.tempsite.ws/favicon4.png
- ju#####ovos.tempsite.ws/favicon1.png
- ju#####ovos.tempsite.ws/favicon2.png
- DNS ASK ju#####ovos.tempsite.ws
- '<IP-адрес в локальной сети>':1035
- ClassName: 'Shell_TrayWnd' WindowName: ''