Техническая информация
Изменения в реестре (ключи автозапуска):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Adobe Reader Speed Launcher' = '<SYSTEM32>\srs.vbs\'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'MScon' = '%APPDATA%\mm\MScon.vbs'
Запускаемые процессы:
- <SYSTEM32>\pss.exe /shtml %APPDATA%\mm\pss.html
- %PROGRAM_FILES%\Company\mss\PowerISO 4.8.0.exe
- <SYSTEM32>\wscript.exe "%APPDATA%\mm\MScon.vbs"
Изменения в файловой системе:
- %TEMP%\nsv2.tmp
- %PROGRAM_FILES%\Company\mss\PowerISO 4.8.0.exe
- %TEMP%\nsb3.tmp\System.dll
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\ip[1]
- C:\Documents
- %TEMP%\$inst\temp_0.tmp
- %TEMP%\$inst\2.tmp
- %APPDATA%\mm\MScon.vbs
- <SYSTEM32>\pss.exe
- <SYSTEM32>\srs.vbs
- %TEMP%\$inst\2.tmp
- %TEMP%\$inst\temp_0.tmp
Сетевая активность:
- '94.##0.191.201':2525
- 'if##nfig.me':80
- 'localhost':1036
- if##nfig.me/ip
- DNS ASK sm##.mail.ru
- DNS ASK if##nfig.me
Окна (класс и заголовок):
- ClassName: '#32770' WindowName: ''
- ClassName: 'SCDEMUAPP_C2C80BFA WNDCLASS' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''