Техническая информация
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'Win32Pro' = '%WINDIR%\Win32Pro.exe'
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'WinReg' = '%HOMEPATH%\WinReg.exe'
- %WINDIR%\win32pro.exe
- %HOMEPATH%\winreg.exe
- %WINDIR%\win32pro.exe
- %HOMEPATH%\winreg.exe
- http://tu######eb.altervista.org/ProgettoArcaNET/FristPage.html
- DNS ASK tu######eb.altervista.org
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebCheckMonitor' WindowName: ''