Техническая информация
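- %HOMEPATH%\Start Menu\Programs\Startup\EMwTyUFMx.url (файл в папке автозагрузки пользователя — механизм закрепления: срабатывает при входе пользователя в систему)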
- '%ALLUSERSPROFILE%\Application Data\EMwTyUFMx\office.exe'
- '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\cvtres.exe' -f "%TEMP%\tmp3.tmp"
- '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\cvtres.exe' -f "%TEMP%\tmp2.tmp"
- '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\cvtres.exe' -f "%TEMP%\tmp1.tmp"
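- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\cvtres.exe (штатная утилита из состава .NET Framework; сам путь индикатором не является — значим её запуск с параметром -f и файлом из %TEMP%, как в строках выше)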
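- [<HKCU>\Software\Paltalk]
- [<HKCU>\Software\Google\Google Talk\Accounts] (оба ключа относятся к данным мессенджеров; обращение к ним, вероятно, связано со сбором сохранённых учётных данных)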
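- %ALLUSERSPROFILE%\Application Data\FIEGthX\93a6a9bfe37d4cf0ac3bcf75420d84eb (имена каталогов FIEGthX и EMwTyUFMx и 32-символьные имена файлов выглядят случайно сгенерированными и, вероятно, различаются от заражения к заражению; для обнаружения надёжнее опираться на шаблон пути, а не на точное имя)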
- %TEMP%\tmp2.tmp
- %TEMP%\tmp3.tmp
- %ALLUSERSPROFILE%\Application Data\FIEGthX\06c70f5444854b928b7aa5dc2a5589d2
- %ALLUSERSPROFILE%\Application Data\FIEGthX\9078492a716a40959a5b44dc3e83be95
- %ALLUSERSPROFILE%\Application Data\FIEGthX\ba3ff649cdab452c913664ba5ba5c33e
- %ALLUSERSPROFILE%\Application Data\FIEGthX\50cbe63df81343a4bf18c35f369aeac7
- %ALLUSERSPROFILE%\Application Data\FIEGthX\f22341b5026e4202bec2a0876e7f7080
- %ALLUSERSPROFILE%\Application Data\EMwTyUFMx\office.exe
- %TEMP%\tmp1.tmp
- %ALLUSERSPROFILE%\Application Data\FIEGthX\35c7f3361dcd46cb998b9d9b1b54eab2
- %TEMP%\tmp3.tmp
- %TEMP%\tmp2.tmp
- %TEMP%\tmp1.tmp
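- 'ft#.###alabu.1eko.com':21 (порт 21 — FTP)
- 'bo#.####ismyipaddress.com':80
- 'wp#d':80
  (символ «#» недопустим в имени узла: часть символов в адресах, по-видимому, замаскирована источником, поэтому эти значения нельзя использовать для точного сопоставления; исходные имена на странице не приведены)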
- bo#.####ismyipaddress.com/
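- wp#d/wpad.dat (судя по имени файла wpad.dat, это запрос автоматического обнаружения прокси WPAD — типичное системное поведение; как самостоятельный индикатор малоинформативен)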
- DNS ASK ft#.###alabu.1eko.com
- DNS ASK bo#.####ismyipaddress.com
- DNS ASK wp#d