Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'msvcrlt' = '<SYSTEM32>\msvcrlt.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'msvcrlt' = '<SYSTEM32>\msvcrlt.exe'
- '<SYSTEM32>\wntsvc.exe'
- '<SYSTEM32>\msvcrlt.exe'
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\vic01[1]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\vic01[1]
- <SYSTEM32>\msvcrlt.exe
- <SYSTEM32>\wntsvc.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\vic01[1]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\vic01[1]
- 'pr##.home.ro':80
- '25#.#55.255.255':12341
- 'so##.homeip.net':12341
- 'localhost':12341
- pr##.home.ro/vic01
- DNS ASK pr##.home.ro
- DNS ASK so##.homeip.net
- ClassName: 'Indicator' WindowName: '(null)'