Техническая информация
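Автозапуск (запись в реестре):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'windows mainframe' = '%APPDATA%\app\svchost.exe'
  (файл носит имя системного процесса svchost.exe, но расположен в %APPDATA%\app, а не в %SystemRoot%\System32 — такое расположение само по себе является признаком для обнаружения)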
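Запуск процессов (по-видимому; первая запись содержит командную строку, а параметр /SL5 и каталог is-*.tmp характерны для установщика Inno Setup):
- '%TEMP%\is-CSQ82.tmp\setup.tmp' /SL5="$300E0,140800,0,%TEMP%\setup.exe"
- '%TEMP%\262\262.exe'
- '%APPDATA%\app\svchost.exe'
- '%TEMP%\3921\3921.exe'
- '%TEMP%\plasma.exe'
- '%TEMP%\setup.exe'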
- %TEMP%\262\262.exe
- %TEMP%\is-CSQ82.tmp\setup.tmp
- %TEMP%\is-APLJ3.tmp\_isetup\_shfoldr.dll
- %APPDATA%\app\Set.bin
- %APPDATA%\app\svchost.exe
- %TEMP%\plasma.exe
- %TEMP%\3921\3921.exe
- %TEMP%\setup.exe
- %TEMP%\cvdhrqo
- %TEMP%\aut3.tmp
- %TEMP%\cvdhrqo
- %TEMP%\262\262.exe
- %TEMP%\3921\3921.exe
- %TEMP%\aut3.tmp
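Сетевая активность (символы # в именах хостов, по-видимому, маскируют часть имени в исходном отчёте; запросы к wp#d/wpad.dat похожи на стандартное автообнаружение прокси Windows (WPAD) и, вероятно, не специфичны для этого образца):
Подключения:
- 'h7####.srv2.test-hf.ru':80
- 'wp#d':80
HTTP-запросы:
- h7####.srv2.test-hf.ru/cynth/ip.php
- wp#d/wpad.dat
- h7####.srv2.test-hf.ru/cynth/connect.php
DNS-запросы:
- DNS ASK h7####.srv2.test-hf.ru
- DNS ASK wp#d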
- ClassName: 'Shell_TrayWnd' WindowName: ''