Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = '<SYSTEM32>\leass.exe'
- <SYSTEM32>\leass.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\a[3].mp3
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\a[2].mp3
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\a[1].mp3
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\a[2].mp3
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\a[3].mp3
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\a[2].mp3
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\a[2].mp3
- <SYSTEM32>\leass.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\a[1].mp3
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\a[1].mp3
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\a[1].mp3
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\a[1].mp3
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\a[1].mp3
- %TEMP%\~DF503D.tmp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\a[1].mp3
- 'yo##ie.net':80
- 'localhost':1035
- yo##ie.net/files/attach/images/22630/003/643/a.mp3
- DNS ASK yo##ie.net