Техническая информация
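- Автозапуск (параметр в ключе Run; имя 'WindowsUpdate' имитирует системный компонент, но указывает на сценарий .vbe в профиле пользователя): [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'WindowsUpdate' = '%HOMEPATH%\USGVY\HOVMLGHGTT-TLRMH-ROPUWJRKNJ.vbe'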
- '%HOMEPATH%\USGVY\LRXYM.exe' %HOMEPATH%\USGVY\CYXPB
- '%HOMEPATH%\USGVY\LRXYM.exe' %HOMEPATH%\USGVY\PVTMX
- '<SYSTEM32>\rundll32.exe' <SYSTEM32>\shimgvw.dll,ImageView_Fullscreen %HOMEPATH%\USGVY\Hahaa.bmp
- '<SYSTEM32>\wscript.exe' "%HOMEPATH%\USGVY\HOVMLGHGTT-TLRMH-ROPUWJRKNJ.vbe"
- %HOMEPATH%\Recent\USGVY.lnk
- %HOMEPATH%\Recent\Hahaa.lnk
- %HOMEPATH%\USGVY\LRXYM.exe
- %HOMEPATH%\USGVY\spd
- %HOMEPATH%\USGVY\CYXPB
- %HOMEPATH%\USGVY\Hahaa.bmp
- %HOMEPATH%\USGVY\TQABC
- %HOMEPATH%\USGVY\AFBRB
- %HOMEPATH%\USGVY\YMQGIX
- %HOMEPATH%\USGVY\HOVMLGHGTT-TLRMH-ROPUWJRKNJ.vbe
- %HOMEPATH%\USGVY\PVTMX
- %HOMEPATH%\USGVY\PVTMX
- %HOMEPATH%\USGVY\LRXYM.exe
- %HOMEPATH%\USGVY\CYXPB
- Сетевое соединение (узел в домене динамического DNS no-ip.org, порт 1604): 'sh#####1995.no-ip.org':1604
- DNS-запрос (DNS ASK): sh#####1995.no-ip.org
- ClassName: 'ShImgVw:CPreviewWnd' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'EDIT' WindowName: '(null)'