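Техническая информация
Примечание: в этой копии отсутствуют заголовки подразделов, поэтому действие образца над каждым объектом (создание, удаление, чтение) из списка не следует. Ниже по порядку идут: командные строки и исполняемые файлы (по-видимому, запускаемые процессы), ветки реестра клиентов FTP, почты и загрузок (вероятно, поиск сохранённых учётных данных), пути к файлам, сетевые узлы и запросы (HTTP, DNS), классы окон. Символы «#» в именах узлов и адресах — маскировка, применённая источником, а не часть реальных значений, поэтому эти строки нельзя использовать как точные индикаторы.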
- '<SYSTEM32>\rundll32.exe' <SYSTEM32>\shimgvw.dll,ImageView_Fullscreen %TEMP%\acik.jpg
- '%TEMP%\CCleaner.exe'
- '%TEMP%\chrome.exe'
- [<HKCU>\SOFTWARE\FileZilla Client]
- [<HKCU>\Software\RIT\The Bat!]
- [<HKCU>\Software\Headlight\GetRight]
- [<HKLM>\SOFTWARE\FileZilla Client]
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\cookies.sqlite-shm
- %TEMP%\acik.jpg
- %TEMP%\DCs
- %TEMP%\chrome.exe
- %TEMP%\CCleaner.exe
- %TEMP%\rtWDsDX
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\cookies.sqlite-shm
- 'ha###bin.com':80
- 'wp#d':80
- 'www.pi###orm.com':443
- http://ha###bin.com/raw/letaduvuki
- http://11#.#11.111.2/wpad.dat via wp#d
- DNS ASK ha###bin.com
- DNS ASK wp#d
- DNS ASK www.pi###orm.com
- ClassName: 'ShImgVw:CPreviewWnd' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''