Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{71853F51-LJ4J-8L2O-05DR-601I6SYP178K}] 'StubPath' = '%APPDATA%\Microsoft\Micros.exe restart' (идентификатор компонента содержит не шестнадцатеричные символы и не является корректным GUID — это отличительный признак для обнаружения)
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Microsoft' = '%APPDATA%\Microsoft\Micros.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Microsoft' = '%APPDATA%\Microsoft\Micros.exe'
- '%ProgramFiles%\Windows NT\Accessories\wordpad.exe' "%TEMP%\672destruction.doc"
- '<SYSTEM32>\ie4uinit.exe'
- '<SYSTEM32>\svchost.exe'
- <SYSTEM32>\ie4uinit.exe
- %TEMP%\672destruction.doc.exe
- %APPDATA%\Microsoft\Micros.exe
- %TEMP%\672destruction.doc
- %APPDATA%\Microsoft\Windows\iGPxNE.dat
- %APPDATA%\Microsoft\Crypto\RSA\S-1-5-21-2052111302-484763869-725345543-1003\549b9b645cadfe6bb4bc69cf363c354c_23ef5514-3059-436f-a4a7-4cefaab20eb1
- %APPDATA%\Microsoft\Protect\CREDHIST
- %APPDATA%\Microsoft\Windows\iGPxNE.cfg
- %APPDATA%\Microsoft\Crypto\RSA\S-1-5-21-2052111302-484763869-725345543-1003\c0528c2346cb928a9052304ef3ab8fd4_23ef5514-3059-436f-a4a7-4cefaab20eb1
- %APPDATA%\Microsoft\Windows\iGPxNE.dat
- %APPDATA%\Microsoft\Windows\iGPxNE.cfg
- 'om####.serveblog.net':60000
- 'localhost':1036
- DNS ASK om####.serveblog.net
- ClassName: 'WordPadClass' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'Indicator' WindowName: ''