Техническая информация
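- Автозапуск через реестр: [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'winlive' = '%WINDIR%\3nvy\alg.exe' (значение в ключе Run запускает указанный файл при входе пользователя в систему)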
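- '<SYSTEM32>\attrib.exe' +r +s +h %WINDIR%\3nvy (каталогу присваиваются атрибуты «только чтение», «системный» и «скрытый»; при настройках Проводника по умолчанию он не отображается, в командной строке его показывает dir /a)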
- '%WINDIR%\3nvy\alg.exe'
- %WINDIR%\3nvy\alg.exe
- %WINDIR%\3nvy\alg.ex
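- 'ce###tiumbp.com':80 (символы ### здесь и в следующих двух строках — по-видимому, маскировка части имени домена в источнике; полное имя не приведено)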
- http://ce###tiumbp.com/envy.html
- DNS ASK ce###tiumbp.com
- ClassName: 'IEFrame' WindowName: '' (класс главного окна Internet Explorer)
- ClassName: '' WindowName: 'Certificado'
- ClassName: 'Shell_TrayWnd' WindowName: '' (класс панели задач Windows)