Technical information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'svchost.exe' = '"%TEMP%\svchost.exe"'
- <SYSTEM32>\msg.exe * Proceeding the download.
- <SYSTEM32>\msg.exe * Please be patient while pingen.exe is downloading...
- <SYSTEM32>\msg.exe * Download Complete!
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\vbc.exe
- <SYSTEM32>\cmd.exe /c ""%APPDATA%\pingen.bat" "
- <SYSTEM32>\msg.exe * Asking permition to download pingen.exe, press OK to proceed.
- [<HKCU>\Software\Paltalk]
- [<HKCU>\Software\Google\Google Talk\Accounts]
- %APPDATA%\pingen.bat
- %TEMP%\svchost.exe
- ClassName: 'Indicator' WindowName: ''