Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run] 'dwm' = '%WINDIR%\dwm.exe'
- '<SYSTEM32>\ipru9injs8.exe'
- '<SYSTEM32>\ipru9injs8.exe' (загружен из сети Интернет)
- <SYSTEM32>\ipru9injs8.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\kkkk[1].exe
- %WINDIR%\dwm.exe
- %WINDIR%\dwm.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\kkkk[1].exe
- '21#.#3.121.164':80
- 'localhost':1035
- 21#.#3.121.164/kkkk.exe