Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'DUF Start' = '%ALLUSERSPROFILE%\Application Data\IOBSYR\DUF.exe'
- '%ALLUSERSPROFILE%\Application Data\IOBSYR\DUF.exe'
- Библиотека-обработчик для всех процессов: %ALLUSERSPROFILE%\Application Data\IOBSYR\DUF.01
- %ALLUSERSPROFILE%\Application Data\IOBSYR\DUF.02
- %ALLUSERSPROFILE%\Application Data\IOBSYR\DUF.01
- %ALLUSERSPROFILE%\Application Data\MGB\App_2013-06-27_18-31-51.html
- %ALLUSERSPROFILE%\Application Data\MGB\DUF.004
- %TEMP%\img9.jpg
- %TEMP%\aut1.tmp
- %ALLUSERSPROFILE%\Application Data\IOBSYR\DUF.00
- %ALLUSERSPROFILE%\Application Data\IOBSYR\DUF.exe
- %ALLUSERSPROFILE%\Application Data\MGB\App_2013-06-27_18-31-51.html
- %TEMP%\aut1.tmp
- %ALLUSERSPROFILE%\Application Data\MGB\DUF.004 в %ALLUSERSPROFILE%\Application Data\MGB\2013-06-27_18-31-51.004
- 'any':25
- ClassName: '(null)' WindowName: 'AKLMW'