Техническая информация
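Параметры реестра механизма AppInit_DLLs (при 'LoadAppInit_DLLs' = 1 указанная библиотека загружается в каждый процесс, который загружает user32.dll, поэтому изменения этих параметров стоит отслеживать):
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] 'AppInit_DLLs' = '%PROGRAM_FILES%\Coupon Marvel\bin\CouponMarvel32.dll '
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] 'LoadAppInit_DLLs' = '00000001'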
- '%PROGRAM_FILES%\Coupon Marvel\bin\firefox-installer.exe'
- '<SYSTEM32>\wbem\wmiadap.exe' /R /T
- %PROGRAM_FILES%\Coupon Marvel\bin\CouponMarvel.exe
- %PROGRAM_FILES%\Coupon Marvel\bin\CouponMarvel32.dll
- %APPDATA%\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\jid1-xGIjYAPvEA9ENA@jetpack.xpi
- %PROGRAM_FILES%\Coupon Marvel\bin\firefox-installer.exe
- %TEMP%\nsr2.tmp\UserInfo.dll
- %TEMP%\nsr2.tmp\NSISHelper.dll
- %TEMP%\nsr2.tmp\System.dll
- %PROGRAM_FILES%\Coupon Marvel\Uninstall.exe
- %TEMP%\nsr2.tmp\NSISHelper.dll
- %TEMP%\nsr2.tmp\System.dll
- %TEMP%\nsr2.tmp\UserInfo.dll
- %PROGRAM_FILES%\Coupon Marvel\bin\firefox-installer.exe
- <SYSTEM32>\wbem\Performance\WmiApRpl.ini
- <SYSTEM32>\PerfStringBackup.TMP
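Сетевая активность (доменное имя в источнике частично скрыто символами «###», поэтому в таком виде оно не годится как точный индикатор):
- 'bi###ocker.com':443
- DNS ASK bi###ocker.com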