Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Windows' = '%APPDATA%\System\Oracle\smss.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Windows' = '%WINDIR%\explorer\smss.exe'
- '%APPDATA%\System\Oracle\smss.exe'
- '<SYSTEM32>\wbem\wmiadap.exe' /R /T
- %APPDATA%\System\Oracle\azioklmpx\hzid\hzid.txt
- %TEMP%\nsy4.tmp\challenge.dll
- %APPDATA%\System\Oracle\smss.exe
- %APPDATA%\favourite.avw
- %TEMP%\nsg2.tmp\challenge.dll
- %APPDATA%\System\Oracle\azioklmpx\hzid\hzid.txt
- %APPDATA%\System\Oracle\smss.exe
- <SYSTEM32>\wbem\Performance\WmiApRpl.ini
- <SYSTEM32>\PerfStringBackup.TMP
- %TEMP%\nsg2.tmp\challenge.dll
- %TEMP%\nsy4.tmp\challenge.dll
- 'mr###loader.com':80
- '94.##6.77.75':80
- mr###loader.com: http://mreloloader.com/panel/includes/verif.php
- 94.##6.77.75: http://94.156.77.75/panel/includes/verif.php
- DNS ASK mr###loader.com
- ClassName: 'Indicator' WindowName: ''