Техническая информация
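- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings] 'WarnonBadCertRecving' = '00000000' (при значении 0 отключено предупреждение о недействительном сертификате сервера)
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings] 'WarnOnZoneCrossing' = '00000000' (при значении 0 отключено предупреждение о переходе между защищённым и незащищённым режимами)
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3] '1601' = '00000000' (зона «Интернет»; при значении 0 отправка незашифрованных данных форм разрешена без запроса)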
- %HOMEPATH%\Desktop\Data Restore.lnk
- %APPDATA%\Microsoft\Internet Explorer\Quick Launch\Data Restore.lnk
- %HOMEPATH%\Start Menu\Programs\Data Restore\Uninstall Data Restore.lnk
- %ALLUSERSPROFILE%\Application Data\GDp4X5CaT
- %HOMEPATH%\Start Menu\Programs\Data Restore\Data Restore.lnk
- из <Полный путь к файлу> в %ALLUSERSPROFILE%\Application Data\GDp4X5CaT.exe
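- 'wi###722866.com':80 (символы # здесь и далее, по-видимому, скрывают часть имени домена или URL, поэтому эти записи нельзя использовать как точные индикаторы без полных значений)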
- 'wi###135617.com':80
- 'wi###284030.com':80
- 'de###llow.com':80
- 'ag###swake.com':80
- 'st####343001.com':80
- http://wi###135617.com/britix/a
- http://wi###722866.com/britix/ar
- http://wi###722866.com/britix/a
- http://wi###284030.com/britix/ar
- http://wi###284030.com/britix/a
- http://wi###135617.com/britix/ar
- http://ag###swake.com/britix/ar
- http://de###llow.com/britix/ar
- http://ag###swake.com/404.php?ty#################################################
- http://de###llow.com/britix/a
- http://ag###swake.com/britix/a
- http://st####343001.com/britix/ar
- http://st####343001.com/britix/a
- DNS ASK wi###722866.com
- DNS ASK wi###135617.com
- DNS ASK wi###284030.com
- DNS ASK de###llow.com
- DNS ASK ag###swake.com
- DNS ASK st####343001.com
- ClassName: 'Shell_TrayWnd' WindowName: '' (Shell_TrayWnd — класс окна панели задач Windows; имя окна пустое)