Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'promu.exe' = '%PROGRAM_FILES%\promp3\promu.exe' (запись в ключе автозапуска Run: promu.exe запускается при каждом входе пользователя в систему)
- %PROGRAM_FILES%\promp3\proMp3.exe
- %PROGRAM_FILES%\promp3\proMp3.exe (загружен из сети Интернет)
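- <SYSTEM32>\schtasks.exe /create /sc onlogon /tn "Windows proMp3 update" /tr "\"%PROGRAM_FILES%\promp3\promu.exe"\" /rl highest (создаёт задачу планировщика «Windows proMp3 update», которая запускает promu.exe при входе в систему с наивысшим уровнем привилегий; кавычки в аргументе /tr не сбалансированы и приведены как в исходной записи)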
- %HOMEPATH%\Desktop\Withmp3.lnk
- %TEMP%\0000099800400000.bin
- %PROGRAM_FILES%\promp3\promp3_delete.exe
- %PROGRAM_FILES%\promp3\proMp3.exe
- %PROGRAM_FILES%\promp3\promu.exe
- %TEMP%\0000099800400000.bin
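- 'wi##mp3.com':80 (символы «#» в именах узлов и в параметре запроса, по-видимому, заменяют символы, скрытые при публикации)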
- 'go###e.co.kr':80
- wi##mp3.com/pgm/promp3_delete.exe
- wi##mp3.com/Z/program_check.php?m=####################
- wi##mp3.com/pgm/promu.exe
- go###e.co.kr/
- wi##mp3.com/pgm/proMp3.exe
- DNS ASK wi##mp3.com
- DNS ASK go###e.co.kr
- '<IP-адрес в локальной сети>':1037
- ClassName: 'MS_WINHELP' WindowName: ''