Техническая информация
- [<HKLM>\SYSTEM\ControlSet003\Services\Messenger] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet002\Services\Messenger] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\Messenger] 'Start' = '00000002'
- '%WINDIR%\regedit.exe' -s "%TEMP%\omranxreg.reg"
- '<SYSTEM32>\rundll32.exe' "%TEMP%\omranxreg.dll",ServiceMain
- %TEMP%\00001164.txt
- <SYSTEM32>\omranx.dll
- %TEMP%\omranxreg.dll
- %TEMP%\omranx.dll
- %TEMP%\omranxreg.reg
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\pc[1].txt
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\pc[1].txt
- %TEMP%\omranx.dll
- %TEMP%\00001164.txt
- 'www.52##c.com':80
- www.52##c.com/ip/pc.txt
- DNS ASK www.52##c.com
- ClassName: 'RegEdit_RegEdit' WindowName: ''
- ClassName: 'MS_WINHELP' WindowName: ''