Техническая информация
- '%TEMP%\HACK BY MALBOREX.exe'
- '%TEMP%\RarSFX0\Hack.exe'
- '%APPDATA%\911.exe' -p123 -d%HOMEPATH%\Local Settings\Temp
- '%TEMP%\Server.exe'
- '<SYSTEM32>\wbem\wmiadap.exe' /R /T
- '<SYSTEM32>\cmd.exe' /c ""%APPDATA%\eng.bat" "
- [<HKCU>\Software\Paltalk]
- [<HKCU>\Software\Microsoft\MSNMessenger]
- [<HKCU>\Software\Microsoft\MessengerService]
- %TEMP%\RarSFX0\SkinSoft.VisualStyler.dll
- %TEMP%\RarSFX0\Hack.exe
- <LS_APPDATA>\SkinSoft\VisualStyler\2.3.5.0\x86\ssapihook.dll
- %TEMP%\Server.exe
- %APPDATA%\eng.bat
- %APPDATA%\911.exe
- %TEMP%\HACK BY MALBOREX.exe
- <SYSTEM32>\PerfStringBackup.TMP
- <SYSTEM32>\wbem\Performance\WmiApRpl.ini
- 'di#####c.n1ce-shop.ru':80
- 'wp#d':80
- di#####c.n1ce-shop.ru/zet/logs.php?&p############################################
- wp#d/wpad.dat
- DNS ASK di#####c.n1ce-shop.ru
- DNS ASK wp#d
- ClassName: '.NET-BroadcastEventWindow.4.0.0.0.2bf8098.0' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''