Техническая информация
- %HOMEPATH%\Start Menu\Programs\Startup\aHBHHfZgWeEJ.lnk
- '%WINDIR%\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe'
- '%APPDATA%\UEMU.exe' "%APPDATA%\UEMUH.au3"
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
- skype.exe
- %APPDATA%\UEMUH.au3
- %HOMEPATH%\AppData\Roaming\COM-Surrogate\dllhost.exe
- %APPDATA%\UEMU.exe
- %TEMP%\aut1.tmp
- %TEMP%\uqrsjjs
- %HOMEPATH%\hMuYDUiTqF1eYwKc\UEMUH.au3
- %HOMEPATH%\hMuYDUiTqF1eYwKc\UEMU.exe
- %TEMP%\uqrsjjs
- %TEMP%\aut1.tmp
- %APPDATA%\UEMU.exe в %HOMEPATH%\hMuYDUiTqF1eYwKc\UEMU.exe
- %APPDATA%\UEMUH.au3 в %HOMEPATH%\hMuYDUiTqF1eYwKc\UEMUH.au3
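- 'to###.feron.it':80 (символы «#» здесь и в других сетевых индикаторах ниже, по-видимому, маскируют часть значения в исходном отчёте и не являются буквальными символами)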
- 'wp#d':80
- http://to###.feron.it/php/ip.php
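- http://11#.#11.111.1/wpad.dat via wp#d (судя по имени файла, это запрос автообнаружения прокси (WPAD); сам по себе он может быть штатным поведением системы и не обязательно относится к вредоносной активности)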
- DNS ASK to###.feron.it
- DNS ASK wp#d
- ClassName: 'Shell_TrayWnd' WindowName: ''