Техническая информация
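- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] 'shell' = 'explorer.exe,%APPDATA%\Roaming\cache.dat'
  (параметр 'shell' задаёт оболочку, запускаемую при входе пользователя; путь, дописанный через запятую после 'explorer.exe', обеспечивает автозапуск файла cache.dat, который также указан ниже в списке файлов. При проверке системы любое значение этого параметра, отличное от 'explorer.exe', заслуживает внимания.)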
- '<SYSTEM32>\ctfmon.exe'
- '<SYSTEM32>\svchost.exe'
- %WINDIR%\Explorer.EXE
- <SYSTEM32>\svchost.exe
- %APPDATA%\Roaming\cache.ini
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\ocmyiogg-tows-pzma_tuwn-zwub-hsnjsluhdpsxxsba-qeqsijyhek-kpjscpxrjd-loehwruicn-sfvwpivpix_kwfpkxcavtjvrptjewyk-uvjjpjlrepyppijjiv_qimvxrsazwqlfp-[1].html
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\YF7T7AK2\gssaiiumcd_udpj_dqgs_saiium-cdudpjdqgssa-iium-cdudpjdqgs-saiiumcdudpj-dqwrepzbhvgdjrcd-ockndp-aabaaaqqemxm-onjeic-oowb-dwryoacaafkpupahpv-fpmkanyk[1].html
- %APPDATA%\Roaming\cache.dat
- C:\ProgramData\Microsoft\RAC\Temp\sqlAEF5.tmp
- C:\ProgramData\Microsoft\RAC\Temp\sqlAEE4.tmp
- C:\ProgramData\Microsoft\RAC\Temp\sqlAEE4.tmp
- C:\ProgramData\Microsoft\RAC\Temp\sqlAEF5.tmp
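- 'bw##r.su':80
  (символы '##' в именах доменов здесь и ниже — маска, скрывающая часть имени: '#' недопустим в имени узла, поэтому эти строки не годятся как индикаторы для точного совпадения без восстановления полного имени)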
- 'lh##s.ru':80
- bw##r.su/gssaiiumcd_udpj_dqgs_saiium-cdudpjdqgssa-iium-cdudpjdqgs-saiiumcdudpj-dqwrepzbhvgdjrcd-ockndp-aabaaaqqemxm-onjeic-oowb-dwryoacaafkpupahpv-fpmkanyk.html
- lh##s.ru/ocmyiogg-tows-pzma_tuwn-zwub-hsnjsluhdpsxxsba-qeqsijyhek-kpjscpxrjd-loehwruicn-sfvwpivpix_kwfpkxcavtjvrptjewyk-uvjjpjlrepyppijjiv_qimvxrsazwqlfp-.html
- DNS ASK bw##r.su
- DNS ASK lh##s.ru
- ClassName: 'Indicator' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'