Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Svchost' = '%APPDATA%\Svchost.exe'
- скрытых файлов
- расширений файлов
- '<LS_APPDATA>\moneymaker.exe'
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\1087d417.linkbucks[1]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\21b40bc3.linkbucks[1]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\f433cce0.linkbucks[1]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\ae5f20fa.linkbucks[1]
- <LS_APPDATA>\moneymaker.exe
- %APPDATA%\Svchost.exe
- %APPDATA%\Svchost.exe:ZONE.identifier
- %APPDATA%\Svchost.exe
- '21#####3.linkbucks.com':80
- 'f4#####0.linkbucks.com':80
- '10#####7.linkbucks.com':80
- 'localhost':1036
- 'ae#####a.linkbucks.com':80
- 21#####3.linkbucks.com/
- f4#####0.linkbucks.com/
- ae#####a.linkbucks.com/
- 10#####7.linkbucks.com/
- DNS ASK 21#####3.linkbucks.com
- DNS ASK f4#####0.linkbucks.com
- DNS ASK ae#####a.linkbucks.com
- DNS ASK 10#####7.linkbucks.com
- ClassName: 'MS_WebcheckMonitor' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'Indicator' WindowName: '(null)'
- ClassName: 'MS_AutodialMonitor' WindowName: '(null)'