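Техническая информация
Заголовки подразделов в этом фрагменте не сохранились; судя по содержимому, записи ниже идут в таком порядке: значения реестра, обеспечивающие автозапуск, и файл в папке автозагрузки; пути к файлам (тип операции с ними — создание, изменение или удаление — здесь не указан); узлы и порт, к которым устанавливаются соединения; запрашиваемые адреса; DNS-запросы; параметры окна (имя класса и заголовок). Символы «###» в именах узлов и адресах — по-видимому, маскировка, сделанная автором отчёта. Имена svchost.exe, services.exe, userinit.exe и winlogon совпадают с именами системных компонентов Windows, но указанные пути (%HOMEPATH%, <DRIVERS>, папка автозагрузки) для них нестандартны, а в значении Userinit второй путь дописан после штатного userinit.exe.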
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'winlogon' = '%HOMEPATH%\svchost.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,<DRIVERS>\services.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '[system]' = '<DRIVERS>\services.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '[system]' = '<DRIVERS>\services.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'winlogon' = '%HOMEPATH%\svchost.exe'
- %HOMEPATH%\Start Menu\Programs\Startup\userinit.exe
- %TEMP%\17081.exe
- %TEMP%\yura.exe
- %HOMEPATH%\svchost.exe
- <SYSTEM32>\kr_done1
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\sateliting[1]
- %TEMP%\yura.exe
- %TEMP%\17081.exe
- <DRIVERS>\services.exe
- 'tr###.loadmore.eu':80
- 'sa###iting.cn':80
- tr###.loadmore.eu/t/d2hsdWF3OzJ0OHY5Oj0,cyJtIG8kaUVyam9zeHk9Tn5DSgIRAkxDUU1bFx0CHQAdCQECHQYEDgdEDwgCDA0QDXF5cmUlM3smPi4pKGIoNip2IzMgaWVwMS06MWZteysxCRBfUkIEBQQHHAQfURQbHRE=/count.htm
- sa###iting.cn/?&v################
- DNS ASK tr###.loadmore.eu
- DNS ASK sa###iting.cn
- ClassName: 'Indicator' WindowName: ''