Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'LNS Start' = '%WINDIR%\RMPPMC\LNS.exe'
- '<SYSTEM32>\notepad.exe' %TEMP%\key.txt
- '%WINDIR%\RMPPMC\LNS.exe'
- '%TEMP%\Install.exe'
- %TEMP%\key.txt
- %WINDIR%\RMPPMC\LNS.02
- %ALLUSERSPROFILE%\Application Data\FAZ\App_2016-09-18_17-26-14.html
- %ALLUSERSPROFILE%\Application Data\FAZ\LNS.004
- %WINDIR%\RMPPMC\LNS.01
- %TEMP%\Install.exe
- %TEMP%\Install.exe.nb5.tmp
- %WINDIR%\RMPPMC\LNS.00
- %WINDIR%\RMPPMC\LNS.exe
- %ALLUSERSPROFILE%\Application Data\FAZ\App_2016-09-18_17-26-14.html
- %TEMP%\Install.exe.nb5.tmp
- %ALLUSERSPROFILE%\Application Data\FAZ\LNS.004 в %ALLUSERSPROFILE%\Application Data\FAZ\2016-09-18_17-26-14.004
- %ALLUSERSPROFILE%\Application Data\FAZ\LNS.004
- 'sm##.#ooglemail.com':587
- DNS ASK sm##.#ooglemail.com
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: '' WindowName: ''