Technical information
- [HKLM\System\CurrentControlSet\Services\SrvMngmnt] 'Start' = '00000002'
- [HKLM\System\CurrentControlSet\Services\SrvMngmnt] 'ImagePath' = 'C:\Users\Public\SysApps\SrvMngmnt.exe'
- 'SrvMngmnt' C:\Users\Public\SysApps\SrvMngmnt.exe
- C:\users\public\sysapps\srvmngmnt.exe
- <Current directory>\flashgame.exe
- %APPDATA%\macromedia\flash player\macromedia.com\support\flashplayer\sys\settings.sxx
- %APPDATA%\macromedia\flash player\macromedia.com\support\flashplayer\sys\settings.sol
- %APPDATA%\macromedia\flash player\macromedia.com\support\flashplayer\sys\settings.sxx to %APPDATA%\macromedia\flash player\macromedia.com\support\flashplayer\sys\settings.sol
- %APPDATA%\macromedia\flash player\macromedia.com\support\flashplayer\sys\settings.sxx
- %APPDATA%\macromedia\flash player\macromedia.com\support\flashplayer\sys\settings.sol
- 'bi####.byethost33.com':80
- 'my###tgames.com':80
- http://bi####.byethost33.com/post/event.php?ev#####################
- http://my###tgames.com/ajax/get_distribution?ve##############################################################################################################
- http://ww#.##lostgames.com/
- DNS ASK bi####.byethost33.com
- DNS ASK my###tgames.com
- DNS ASK ww#.##lostgames.com
- '<Current directory>\flashgame.exe'