Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] 'SvcSys' = '{82CDC9F9-9D1B-47B9-B467-18D9896A1D5B}'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%WINDIR%\explorer.exe' = '%WINDIR%\explorer.exe:*:Enabled:explorer'
- %WINDIR%\explorer.exe
- %WINDIR%\explorer.exe
- Handler library for all processes: <SYSTEM32>\svcsys.dll
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\stat2[1].php
- <SYSTEM32>\svcsys.dll
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\stat2[1].php
- 'www.ol#####rewomenxxx.com':80
- www.ol#####rewomenxxx.com/th/md/images/stat2.php?id############
- DNS ASK www.ol#####rewomenxxx.com
- ClassName: 'SystemTray_Main' WindowName: ''
- ClassName: 'CSCHiddenWindow' WindowName: ''
- ClassName: 'OleMainThreadWndClass' WindowName: ''
- ClassName: 'SysListView32' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'Proxy Desktop' WindowName: ''
- ClassName: 'BaseBar' WindowName: 'ChanApp'