Техническая информация
- %HOMEPATH%\Start Menu\Programs\Startup\desktops.lnk
- '%TEMP%\RarSFX0\Bnd_160_82_2014117_1433.exe'
- '%TEMP%\RarSFX0\homs.exe'
- '%TEMP%\RarSFX0\apps.exe'
- 'C:\Desktops Alert\desktops.exe'
- C:\Desktops Alert\Interop.Shell32.dll
- C:\Desktops Alert\Interop.IWshRuntimeLibrary.dll
- %APPDATA%\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
- %ALLUSERSPROFILE%\Desktop\Internet Explorer.lnk
- %APPDATA%\Microsoft\Internet Explorer\Quick Launch\Internet Explorer Tarayıcısı'nı Başlat.lnk
- %TEMP%\RarSFX0\Bnd_160_82_2014117_1433.exe
- %TEMP%\RarSFX0\apps.exe
- %TEMP%\RarSFX0\homs.exe
- C:\Desktops Alert\desktopsvm.exe
- C:\Desktops Alert\desktops.exe
- %TEMP%\RarSFX0\homs.exe
- %TEMP%\RarSFX0\Bnd_160_82_2014117_1433.exe
- %TEMP%\RarSFX0\apps.exe
- 'mz.##.trtromg.com':80
- 'ip##fo.io':80
- ip##fo.io/country
- mz.##.trtromg.com/s2.php
- mz.##.trtromg.com/r2.php
- DNS ASK mz.##.trtromg.com
- DNS ASK ip##fo.io
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''