Техническая информация
- [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run] 'drocher' = '<SYSTEM32>\<Имя файла>.exe -a'
- %WINDIR%\syswow64\<Имя файла>.exe
- C:\users\public\desktop\porn on-line.lnk
- %ALLUSERSPROFILE%\microsoft\windows\start menu\porn on-line.lnk
- %WINDIR%\softwaredistribution\sls\9482f4b4-e343-43b6-b170-9a65bc822c77\sls.cab
- %WINDIR%\softwaredistribution\sls\9482f4b4-e343-43b6-b170-9a65bc822c77\tmpcc88.tmp
- %WINDIR%\softwaredistribution\sls\855e8a7c-ecb4-4ca3-b045-1dfa50104289\sls.cab
- %WINDIR%\softwaredistribution\sls\855e8a7c-ecb4-4ca3-b045-1dfa50104289\tmpd217.tmp
- %WINDIR%\softwaredistribution\sls\8b24b027-1dee-babb-9a95-3517dfb9c552\sls.cab
- %WINDIR%\softwaredistribution\sls\8b24b027-1dee-babb-9a95-3517dfb9c552\tmpd851.tmp
- DNS ASK ol###ustele.net
- DNS ASK settings-win.data.microsoft.com
- ClassName: 'OleMainThreadWndClass' WindowName: ''
- ClassName: 'IEFrame' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebCheckMonitor' WindowName: ''
- '%WINDIR%\syswow64\<Имя файла>.exe'