Техническая информация
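- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] 'shell' = 'explorer.exe,%APPDATA%\Roaming\Other.res' — значение 'shell' раздела Winlogon определяет, что запускается при входе пользователя в систему; здесь к explorer.exe через запятую добавлен файл Other.res, то есть запись служит для автозапуска и должна проверяться в кусте каждого пользователя (HKCU), а не только в HKLM.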
- '<SYSTEM32>\ctfmon.exe'
- '<SYSTEM32>\svchost.exe'
- <SYSTEM32>\svchost.exe
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\matuwnzwub-hsnj-sluhdpsxxsbaqeqsijyhek-kpjs-cpxrjdloehoc-myiogg-tows-pzld-iyeyyvbucpvspzgk-xsby_kwwpzbmzubvhgp-eywa-eylvluexnm-iyca-bjer-ypjy_sffi_fm[1].html
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\YF7T7AK2\yvix-ecab-ctgk-llhv-eyvj-zbfs-ivoaokapqrjypdigvmzfaf-bfpw-rplx-xwon-piqtms-vztbprguctajxo_rzqn-lnaa-qong-lsefciinigerefoxum-iyqrdqbnon-ianomzonfsnn_tg[1].php
- %APPDATA%\Roaming\Other.res
- %APPDATA%\Roaming\Other.ico
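- 'gc#n.ru':80
- 'ef#g.su':80
  (символ '#' недопустим в именах узлов; по-видимому, часть имени домена в источнике скрыта, поэтому эти строки нельзя использовать как точные индикаторы для блокировки или поиска в журналах)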
- gc#n.ru/forum/yvix-ecab-ctgk-llhv-eyvj-zbfs-ivoaokapqrjypdigvmzfaf-bfpw-rplx-xwon-piqtms-vztbprguctajxo_rzqn-lnaa-qong-lsefciinigerefoxum-iyqrdqbnon-ianomzonfsnn_tg.php
- ef#g.su/forums/matuwnzwub-hsnj-sluhdpsxxsbaqeqsijyhek-kpjs-cpxrjdloehoc-myiogg-tows-pzld-iyeyyvbucpvspzgk-xsby_kwwpzbmzubvhgp-eywa-eylvluexnm-iyca-bjer-ypjy_sffi_fm.html
- DNS ASK gc#n.ru
- DNS ASK ef#g.su
- ClassName: 'Indicator' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'