Техническая информация
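- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Logon information' = '%APPDATA%\winlogon.exe' (запись автозапуска, срабатывает при входе пользователя в систему; легитимный winlogon.exe находится в %SystemRoot%\System32, а не в %APPDATA%)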
- %APPDATA%\winlogon.exe
- "%TEMP%\iuwqgbcvku" (загружен из сети Интернет)
- "%TEMP%\hsvwuydncq" (загружен из сети Интернет)
- "%TEMP%\qefsuauyux" (загружен из сети Интернет)
- %TEMP%\hsvwuydncq
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\bsupdt8503[1].exe
- %TEMP%\iuwqgbcvku
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\spupdt7402[1].exe
- %APPDATA%\winlogon.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\bcupdt6301[1].exe
- %TEMP%\qefsuauyux
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\bsupdt8503[1].exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\spupdt7402[1].exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\bcupdt6301[1].exe
- 'wo######othingfashion.com':80
- 'er#####ilfe-steglitz.de':80
- '18#.#2.216.95':80
- wo######othingfashion.com/bsupdt8503.exe
- er#####ilfe-steglitz.de/spupdt7402.exe
- 18#.#2.216.95/bcupdt6301.exe
- DNS ASK wo######othingfashion.com
- DNS ASK er#####ilfe-steglitz.de
- ClassName: 'Indicator' WindowName: ''