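Техническая информация
Примечание: заголовки разделов исходного отчёта в этом списке не сохранились, поэтому повторяющиеся пути, по-видимому, относятся к разным категориям действий. Символ # в сетевых адресах, вероятно, скрывает часть знаков, так что эти индикаторы нельзя сопоставлять буквально.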
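- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'UserInit' = '<SYSTEM32>\userinit.exe,,<LS_APPDATA>\Dll.exe' (автозапуск: к штатному userinit.exe в параметре UserInit дописан <LS_APPDATA>\Dll.exe, и Winlogon запускает его при входе пользователя в систему; для обнаружения стоит контролировать изменения этого параметра)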
- %HOMEPATH%\Start Menu\Programs\Startup\Face.exe (файл в папке автозагрузки пользователя — запускается при входе в систему)
- <LS_APPDATA>\Dll.exe
- %TEMP%\Face.exe
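- %ALLUSERSPROFILE%\Desktop:$SS_DESCRIPTOR_SBXNV9VVGV1BFPKH6V9XBN63RFPT9L0BF5AVJKVFSPF7VBCVP4GF
- %ALLUSERSPROFILE%\Application Data\DYA_KPIGICMVTCFSPJHAW\1.0.0:$SS_DESCRIPTOR_SBXNV9VVGV1BFPKH6V9XBN63RFPT9L0BF5AVJKVFSPF7VBCVP4GF
  (в двух записях выше часть после двоеточия — имя альтернативного потока данных NTFS, привязанного к каталогу; такие потоки не видны в обычном списке файлов, их показывает, например, dir /R)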
- <LS_APPDATA>\Images\%USERNAME%\03-09-2012\19-59-02
- <LS_APPDATA>\Dll.exe
- %APPDATA%\DYA_KPIGICMVTCFSPJHAW\1.0.0\Data\dya.dat
- %TEMP%\Face.exe
- %TEMP%\aut1.tmp
- %ALLUSERSPROFILE%\Application Data\DYA_KPIGICMVTCFSPJHAW\1.0.0\Data\updates.dat
- %ALLUSERSPROFILE%\Application Data\DYA_KPIGICMVTCFSPJHAW\1.0.0\Data\app.dat
- %TEMP%\aut1.tmp
- '25#.#55.255.255':6666
- 'la#####s2010.myftp.biz':6666
- DNS ASK la#####s2010.myftp.biz