Техническая информация
- Автозапуск через ключ реестра Run (файл запускается при входе пользователя в систему): [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'madara' = '%WINDIR%\Extracted\1.exe'
- %WINDIR%\Extracted\makeup1.exe
- %WINDIR%\Extracted\1.exe
- %TEMP%\is-KIAIU.tmp\makeup1.tmp
- %TEMP%\is-TC4LB.tmp\_isetup\_RegDLL.tmp
- %TEMP%\is-TC4LB.tmp\_isetup\_shfoldr.dll
- %WINDIR%\Extracted\1.exe-up.txt
- %TEMP%\sfx.ini
- %WINDIR%\Extracted\makeup1.exe
- %WINDIR%\Extracted\1.exe
- %TEMP%\sfx.ini
- Сетевое соединение (узел:порт; часть имени узла скрыта символами #): 'ma####.myftp.biz':3460
- DNS-запрос (DNS ASK): ma####.myftp.biz
- Окно: ClassName: 'Shell_TrayWnd' (класс окна панели задач Windows) WindowName: ''