Техническая информация
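Автозапуск — запись в ключе реестра Run (имя параметра и имя файла имитируют системный svchost.exe):
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'svchostn.exe' = '"<SYSTEM32>\svchosta.exe" start4dalife'
Команда запуска процесса (та же, что записана в ключе Run):
- <SYSTEM32>\svchosta.exe start4dalife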
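Файлы (списки ниже частично повторяются; к какой операции — созданию, удалению или иной — относится каждый из них, в тексте не указано):
- %TEMP%\tmp2.tmp.exe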
- %TEMP%\tmp1.tmp.exe
- <SYSTEM32>\svchosta.exe
- %TEMP%\tmp2.tmp.exe
- %TEMP%\tmp1.tmp.exe
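Сетевая активность — подключения в формате хост:порт (символы # в именах — по-видимому, маскировка части домена; порт 6697 обычно используется для IRC поверх TLS):
- 'ir#.#nonops.li':6697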
- 'www.pa#####atual.webs.com':80
URL на хосте из списка подключений (вероятно, HTTP-запросы на порт 80):
- www.pa#####atual.webs.com/publi4.txt
- www.pa#####atual.webs.com/prob.txt
- www.pa#####atual.webs.com/publi3.txt
- www.pa#####atual.webs.com/publi1.txt
- www.pa#####atual.webs.com/publi2.txt
- DNS ASK ir#.#nonops.li
- DNS ASK www.pa#####atual.webs.com
Окна (по-видимому, классы окон, которые ищет образец):
- ClassName: 'IEFrame' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'Indicator' WindowName: ''