Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'tempManager' = '%APPDATA%tempManager.exe'
- %ALLUSERSPROFILE%\Start Menu\Programs\Startup\winlogin.exe
- '%TEMP%\judai_px4.exe'
- '%TEMP%\Microsoftlog.exe'
- '%TEMP%\great_elite.exe'
- '%TEMP%\hmmsukup_p10.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FTP Commander]
- [<HKCU>\Software\Paltalk]
- [<HKCU>\Software\America Online\AIM6\Passwords]
- [<HKCU>\Software\FTPWare\COREFTP\Sites]
- %TEMP%\dw.log
- %TEMP%\Microsoftlog.exe
- %TEMP%\log.txt
- %TEMP%\408E5.dmp
- %APPDATA%tempManager.exe
- %TEMP%\hmmsukup_p10.exe
- %TEMP%\great_elite.exe
- %TEMP%\Na_Sata_@FadiRixi.wav
- %TEMP%\judai_px4.exe
- 'pa###bin.com':80
- 'wh###smyip.com':80
- 'sm##.live.com':587
- 'wp#d':80
- wh###smyip.com/automation/n09230945.asp
- pa###bin.com/raw.php?i=########
- wp#d/wpad.dat
- DNS ASK pa###bin.com
- DNS ASK wh###smyip.com
- DNS ASK sm##.live.com
- DNS ASK wp#d
- ClassName: 'ReBarWindow32' WindowName: ''
- ClassName: 'WMP9DeskBand' WindowName: 'WMP9DeskBand'
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'Indicator' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'