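Техническая информация
(Подзаголовки разделов отчёта в этой копии не сохранились. Судя по содержимому, ниже подряд идут: записи автозапуска в ветке реестра Run, пути к файлам и запускаемым процессам, сетевые обращения (localhost:1039 и DNS-запросы) и классы окон. Символы # в доменных именах, по-видимому, маскируют часть символов, поэтому такие имена нельзя напрямую сопоставлять с журналами DNS; для поиска пригодны немаскированные фрагменты, пути к файлам и имена параметров реестра.)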
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'update32.exe' = '%TEMP%\update32.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Inoyikotadoqev' = 'rundll32.exe "%WINDIR%\gv2scotl.dll",Startup'
- %TEMP%\update32.exe
- <LS_APPDATA>\108813.exe
- <LS_APPDATA>\108812.exe
- <SYSTEM32>\rundll32.exe "%WINDIR%\gv2scotl.dll",iep
- <SYSTEM32>\rundll32.exe "%WINDIR%\gv2scotl.dll",Startup
- %WINDIR%\Explorer.EXE
- <SYSTEM32>\wbem\Performance\WmiApRpl_new.ini
- %TEMP%\update32.exe
- %TEMP%\update32.dll
- <LS_APPDATA>\108812.exe
- <LS_APPDATA>\108813.exe
- %WINDIR%\gv2scotl.dll
- <LS_APPDATA>\108813.exe в %TEMP%\tmp1.tmp
- 'localhost':1039
- DNS ASK 22######120c.brightdog.net
- DNS ASK me####ullwai.com
- DNS ASK 00########.########.##.###########14C22876D45B386C90B7D.n.empty.966.empty.5_1._t_i.ffffffff.<Служебное имя>_exe.171.rc2.a4h9uploading.com
- DNS ASK se###hbad.org
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'Indicator' WindowName: ''