Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'gooogle.exe' = '"%WINDIR%\gooogle.exe"'
- '%TEMP%\MINECRAFT.EXE'
- '%WINDIR%\gooogle.exe'
- '%TEMP%\MANCHIFT.EXE'
- '%TEMP%\RarSFX0\ok.sfx.exe' -psami2012 -d%APPDATA%
- '%TEMP%\RarSFX1\ok.exe'
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\RarSFX0\dll.bat" "
- %TEMP%\MANCHIFT.EXE
- %TEMP%\MINECRAFT.EXE
- %WINDIR%\gooogle.exe
- %TEMP%\RarSFX0\dll.bat
- %TEMP%\RarSFX0\ok.sfx.exe
- %TEMP%\RarSFX1\ok.exe
- %TEMP%\RarSFX0\ok.sfx.exe
- %TEMP%\RarSFX0\dll.bat
- %TEMP%\RarSFX1\ok.exe
- '17#.#37.136.87':1515
- 'ou###.noip.me':1515
- DNS ASK ou###.noip.me
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''