Техническая информация
- [<HKLM>\SYSTEM\ControlSet003\Control\Session Manager] 'BootExecute' = ''
- [<HKLM>\SYSTEM\ControlSet002\Control\Session Manager] 'BootExecute' = ''
- [<HKLM>\SYSTEM\ControlSet001\Control\Session Manager] 'BootExecute' = ''
- '%WINDIR%\temp2.exe'
- '%WINDIR%\temp1.exe'
- '%WINDIR%\temp2.exe' (загружен из сети Интернет)
- '%WINDIR%\temp1.exe' (загружен из сети Интернет)
- %WINDIR%\temp1.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\kl[1].png
- %WINDIR%\temp2.exe
- <SYSTEM32>\avJqMfCwE.TXT
- <SYSTEM32>\avJqMfCwE.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\wrm[1].png
- '80.##.80.108':80
- 'localhost':1035
- 80.##.80.108/icons/kl.png
- 80.##.80.108/icons/wrm.png