Техническая информация
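Изменения в реестре (автозапуск при входе пользователя в систему):
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Activex' = '<SYSTEM32>\Restore\wscntfy.exe'
Примечание: wscntfy.exe — имя штатного файла Центра обеспечения безопасности Windows, который располагается непосредственно в <SYSTEM32>; файл с тем же именем в подкаталоге Restore — признак маскировки.
Запуск процессов:
- '<SYSTEM32>\Restore\wscntfy.exe'
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ /v Activex /t REG_SZ /d <SYSTEM32>\Restore\wscntfy.exe /f
Файловая активность (тип операции — создание, изменение или удаление — в этом фрагменте не сохранился; повторяющиеся строки, вероятно, относятся к разным операциям):
- <SYSTEM32>\comdll.dll
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\ip[1].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\serial[1].aspx
- %WINDIR%\Prefetch\RUNDLL32.EXE-4C6766545.pf
- <SYSTEM32>\msinet.ocx
- <SYSTEM32>\Restore\wscntfy.exe
- <SYSTEM32>\Restore\wscntfy.exe
- %TEMP%\~DF3F90.tmp
Сетевые соединения (узел:порт; имена узлов частично скрыты символами # в источнике):
- 'tu#####-cumhuriyeti.net':80
- 'dy####ate.no-ip.com':80
- 'localhost':1035
Запрашиваемые URL:
- tu#####-cumhuriyeti.net/resim/black/serial.aspx?Se###########################################################
- dy####ate.no-ip.com/ip.php
DNS-запросы:
- DNS ASK tu#####-cumhuriyeti.net
- DNS ASK dy####ate.no-ip.com
Окна (имя класса и заголовок; тип операции в этом фрагменте не указан):
- ClassName: 'Indicator' WindowName: '(null)'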