Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'szlink' = '"%PROGRAM_FILES%\szlink\szlink.exe" startup'
- '%PROGRAM_FILES%\szlink\szlink.exe' startup
- %TEMP%\3.tmp
- %TEMP%\4.tmp
- %TEMP%\5.tmp
- %PROGRAM_FILES%\szlink\szlink.exe
- %PROGRAM_FILES%\szlink\uninstall.exe
- %TEMP%\2.tmp
- %TEMP%\4.tmp
- %TEMP%\5.tmp
- %TEMP%\2.tmp
- %TEMP%\3.tmp
- 'ke##oa.com':80
- ke##oa.com/ptn/bt.php?p=###################
- ke##oa.com/en/appdata_keymoa.ini
- ke##oa.com/freeshop/data.ini
- ke##oa.com/ptn/inst.php?p=###################
- DNS ASK ke##oa.com