Техническая информация
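Ключи реестра, связанные с автозапуском:
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'shell' = 'explorer.exe <DRIVERS>\svchost.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'PE_win44' = '%HOMEPATH%\МСнС.exe'
В штатной конфигурации значение 'shell' равно 'explorer.exe'; любое отличие от него стоит проверять при анализе системы.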
- <DRIVERS>\svchost.exe (имя совпадает с системным svchost.exe, но штатный файл находится в <SYSTEM32>, а не в <DRIVERS>)
- <DRIVERS>\Cam Looka.exe
- %HOMEPATH%\МСнС.exe
- %HOMEPATH%\Cam Looka.exe
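- <SYSTEM32>\taskkill.exe /im teatimer.exe /f (принудительное завершение процесса teatimer.exe — резидентного модуля TeaTimer из состава Spybot – Search & Destroy)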
- <SYSTEM32>\mmil.htm
- <DRIVERS>\Cam Looka.exe
- <SYSTEM32>\gogo.txt
- <DRIVERS>\svchost.exe
- %HOMEPATH%\МСнС.exe
- %HOMEPATH%\Cam Looka.exe
- <SYSTEM32>\gogo.txt
- <SYSTEM32>\mmil.htm
- %TEMP%\~DFE9C3.tmp
Сетевые подключения и DNS-запросы (часть имени узла в исходном тексте скрыта символами ####):
- 'ze####.no-ip.biz':3460
- 'localhost':1037
- 'localhost':808
- DNS ASK ze####.no-ip.biz
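Классы и заголовки окон (вероятно, окна, которые ищет образец; заголовок раздела в исходном тексте отсутствует):
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: '' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''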