Техническая информация
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'iw0060@iwebWEB-iw0060@iweb.exe' = '<SYSTEM32>\iw0060@iweb\WEB-iw0060@iweb.exe -d'
- %WINDIR%\syswow64\iw0060@iweb\web-iw0060@iweb.exe
- %HOMEPATH%\desktop\adult1.lnk
- %PROGRAMDATA%\microsoft\windows\start menu\adult1.lnk
- %HOMEPATH%\favorites\adult1.lnk
- %LOCALAPPDATA%\microsoft\windows\history\adult1.lnk
- %APPDATA%\microsoft\windows\recent\adult1.lnk
- %TEMP%\web-iw0060@iweb.exe.mht
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\caasbycl\wbk300.tmp
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\caasbycl\banner1.jpg
- %LOCALAPPDATA%\microsoft\windows\history\history.ie5\mshist012020061820200619\index.dat
- %WINDIR%\syswow64\iw0060@iweb\web-iw0060@iweb.exe
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebCheckMonitor' WindowName: ''