Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'abdo' = '%TEMP%\FileTmp.exe'
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{99394D37-B3AE-C9C9-6214-867B410ACAED}] 'StubPath' = '%TEMP%\FileTmp.exe'
- %TEMP%\FileTmp.exe
- C:\3.exe
- <SYSTEM32>\rundll32.exe <SYSTEM32>\shimgvw.dll,ImageView_Fullscreen c:\rose rouge.jpg
- %WINDIR%\Explorer.EXE
- msnmsgr.exe
- %APPDATA%\Microsoft\Crypto\RSA\S-1-5-21-2052111302-484763869-725345543-1003\699c4b9cdebca7aaea5193cae8a50098_23ef5514-3059-436f-a4a7-4cefaab20eb1
- %APPDATA%\Microsoft\Protect\S-1-5-21-2052111302-484763869-725345543-1003\Preferred
- %HOMEPATH%\Recent\Local Disk (C).lnk
- %TEMP%\FileTmp.exe
- %APPDATA%\Microsoft\Protect\S-1-5-21-2052111302-484763869-725345543-1003\b8f84854-35b9-4ba6-8d29-e480dd2cedba
- C:\rose rouge.jpg
- C:\3.exe
- %HOMEPATH%\Recent\rose rouge.lnk
- 'te####.no-ip.biz':3460
- 'fo#####009.no-ip.biz':3460
- DNS ASK te####.no-ip.biz
- DNS ASK fo#####009.no-ip.biz
- ClassName: 'ShImgVw:CPreviewWnd' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''