Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'PRP Start' = '%ALLUSERSPROFILE%\Application Data\JWIPDB\PRP.exe'
- '%ALLUSERSPROFILE%\Application Data\JWIPDB\PRP.exe'
- '%TEMP%\svghost.exe'
- Handler library for all processes: %ALLUSERSPROFILE%\Application Data\JWIPDB\PRP.01
- %ALLUSERSPROFILE%\Application Data\JWIPDB\PRP.02
- %ALLUSERSPROFILE%\Application Data\JWIPDB\PRP.01
- %ALLUSERSPROFILE%\Application Data\WTE\App_2014-12-19_21-47-17.html
- %ALLUSERSPROFILE%\Application Data\WTE\PRP.004
- %TEMP%\GunnyFire_2.0.5.zip
- %TEMP%\svghost.exe
- %ALLUSERSPROFILE%\Application Data\JWIPDB\PRP.00
- %ALLUSERSPROFILE%\Application Data\JWIPDB\PRP.exe
- %ALLUSERSPROFILE%\Application Data\WTE\App_2014-12-19_21-47-17.html
- %ALLUSERSPROFILE%\Application Data\WTE\PRP.004 to %ALLUSERSPROFILE%\Application Data\WTE\2014-12-19_21-47-17.004
- 'sm##.#ooglemail.com':465
- DNS ASK sm##.#ooglemail.com
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: '' WindowName: ''
- ClassName: '' WindowName: 'AKLMW'