Техническая информация
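- [<HKLM>\SYSTEM\ControlSet001\Services\°ІИ«·АУщПµНі] 'Start' = '00000002' (значение Start = 2 соответствует автоматическому запуску службы; имя службы, по всей видимости, — байты GBK, показанные в кодировке Windows-1251: при декодировании как GBK получается «安全防御系统», поэтому при поиске индикатора стоит проверять оба варианта написания)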
- <SYSTEM32>\logon.scr
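- '%WINDIR%\°ІИ«·АУщПµНіexe' (имя файла, по всей видимости, искажено кодировкой: при декодировании как GBK оно читается как «安全防御系统exe»; точка перед «exe» в источнике отсутствует)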
- '%TEMP%\CCG1.exe'
- '%TEMP%\CCG0.exe'
- '<SYSTEM32>\logon.scr' /S
- %TEMP%\CCG1.exe
- %WINDIR%\°ІИ«·АУщПµНіexe
- %TEMP%\upwind1.exe
- %TEMP%\upwind0.exe
- %TEMP%\CCG0.exe
- %WINDIR%\°ІИ«·АУщПµНіexe
- %TEMP%\upwind1.exe
- <SYSTEM32>\logon.scr.tmp
- %TEMP%\upwind0.exe
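- <SYSTEM32>\logon.scr в <SYSTEM32>\logon.scr.tmp (судя по форме записи «из … в …», исходный системный файл перемещён или переименован; заголовок раздела на странице не сохранился)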
- '49##.qrqr.net':80
- 49##.qrqr.net/POPPING/ip.txt
- DNS ASK 49##.qrqr.net
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''