Техническая информация
- Запись в разделе автозапуска Run (HKCU): [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'ShStatEXE' = '%ALLUSERSPROFILE%\Documents\My Music\AcroRd32Info.exe'
- '<SYSTEM32>\wbem\wmiadap.exe' /R /T
- %TEMP%\tmp9490.b6
- %TEMP%\tmp9490.exe
- %ALLUSERSPROFILE%\Documents\My Music\AcroRd32Info.exe
- %TEMP%\tmp9490.dat
- 'www.su###state.com':80 (узел и порт; часть имени узла скрыта символами «#»)
- www.su###state.com/img/member.php?id#############
- DNS ASK www.su###state.com
- ClassName: 'Indicator' WindowName: ''