Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Windows' = '%APPDATA%\System\Oracle\smss.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Windows' = '%WINDIR%\explorer\smss.exe'
- '%APPDATA%\System\Oracle\smss.exe'
- %APPDATA%\System\Oracle\azioklmpx\hzid\hzid.txt
- %TEMP%\nsv4.tmp\rebates.dll
- %APPDATA%\System\Oracle\smss.exe
- %APPDATA%\tiro.ef
- %TEMP%\nsa2.tmp\rebates.dll
- %APPDATA%\System\Oracle\azioklmpx\hzid\hzid.txt
- %APPDATA%\System\Oracle\smss.exe
- %TEMP%\nsv4.tmp\rebates.dll
- %TEMP%\nsa2.tmp\rebates.dll
- 'mr###loader.com':80
- '94.##6.77.75':80
- mr###loader.com — http://mreloloader.com/panel/includes/verif.php
- 94.##6.77.75 — http://94.156.77.75/panel/includes/verif.php
- DNS ASK mr###loader.com
- ClassName: 'Indicator' WindowName: ''