Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'decryptor' = '%APPDATA%\Settings\AVCzTm.exe'
- '%APPDATA%\Settings\AVCzTm.exe' 2884
- %HOMEPATH%\Desktop\UNLOCK DATA.url
- %APPDATA%\Settings\settings.dat
- %APPDATA%\Settings\AVCzTm.exe
- %APPDATA%\Settings\settings.dat
- 'bl###chain.info':443
- 'pa###bin.com':443
- 'wp#d':80
- http://11#.#11.111.1/wpad.dat via wp#d
- DNS ASK bl###chain.info
- DNS ASK pa###bin.com
- DNS ASK wp#d
- ClassName: 'Shell_TrayWnd' WindowName: ''