Техническая информация
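Автозапуск — значения в ключе Run текущего пользователя (указанные файлы запускаются при каждом входе этого пользователя в систему):
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'task' = 'C:\win\ib\pictures\task.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'svchost' = '%APPDATA%\Files\svchost\svchost.exe'
  (штатный svchost.exe находится в %SystemRoot%\System32; одноимённый файл в %APPDATA% или %TEMP% — маскировка под системный процесс)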
- '%TEMP%\lvl4fi4 auto dc v4.exe'
- '%APPDATA%\Files\FileB\lvl4fi4 auto dc.exe'
- '%APPDATA%\Files\FileB\task.exe'
- '%TEMP%\loger.exe'
- '%TEMP%\svchost.exe'
- '%TEMP%\lvl4fi4 auto dc Personel Version.exe'
- '%APPDATA%\Files\svchost\svchost.exe'
- %APPDATA%\Files\FileB\lvl4fi4 auto dc.exe
- %APPDATA%\Files\svchost\svchost.exe
- C:\win\ib\pictures\task.exe
- %APPDATA%\Files\FileB\task.exe
- %TEMP%\lvl4fi4 auto dc Personel Version.exe
- %TEMP%\svchost.exe
- %TEMP%\lvl4fi4 auto dc v4.exe
- %TEMP%\loger.exe
- C:\win\ib\pictures\task.exe
- %APPDATA%\Files\FileB\lvl4fi4 auto dc.exe
- %APPDATA%\Files\svchost\svchost.exe
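Сетевые узлы в формате 'узел':порт (часть символов в именах заменена на «#»; 587 — стандартный порт отправки почты по SMTP, 5222 — стандартный клиентский порт XMPP/Jabber):
- 'wp#d':80
- 'www.pr######roductionsllc.com':80
- 'sm##.gmail.com':587
- 'lb####p.jabbim.cz':5222
- 'o.###buzz.com':5222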
- www.pr######roductionsllc.com/yourip.php
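- wp#d/wpad.dat (запрос файла wpad.dat характерен для автоопределения прокси в Windows (WPAD) и может не быть специфичным для этого образца — стоит проверить, прежде чем использовать как индикатор)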
- DNS ASK wp#d
- DNS ASK www.pr######roductionsllc.com
- DNS ASK sm##.gmail.com
- DNS ASK lb####p.jabbim.cz
- DNS ASK o.###buzz.com
- ClassName: 'Shell_TrayWnd' WindowName: '(null)' (Shell_TrayWnd — класс окна панели задач Windows)
- ClassName: 'Indicator' WindowName: '(null)'