Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'palstech' = '%APPDATA%\palstech\palstech.exe'
- %TEMP%\Temporary Internet Files\Content.IE5\4K65F5B4\desktop.ini
- %TEMP%\Temporary Internet Files\Content.IE5\CG87JAVF\desktop.ini
- %TEMP%\Temporary Internet Files\Content.IE5\desktop.ini
- %TEMP%\Temporary Internet Files\Content.IE5\Y8RJBLV5\desktop.ini
- %TEMP%\RGI4.tmp
- %TEMP%\History\History.IE5\desktop.ini
- %TEMP%\Temporary Internet Files\Content.IE5\3A1N2QCH\desktop.ini
- %APPDATA%\palstech\palstech.exe
- %TEMP%\nsy3.tmp\Dialer.dll
- %TEMP%\nsv2.tmp
- %TEMP%\nsy3.tmp\System.dll
- %TEMP%\nsy3.tmp\DLLWebCount.dll
- %TEMP%\nsy3.tmp\Math.dll
- %TEMP%\Temporary Internet Files\Content.IE5\Y8RJBLV5\desktop.ini
- %TEMP%\Temporary Internet Files\Content.IE5\3A1N2QCH\desktop.ini
- %TEMP%\Temporary Internet Files\Content.IE5\4K65F5B4\desktop.ini
- %TEMP%\Temporary Internet Files\Content.IE5\desktop.ini
- %TEMP%\Temporary Internet Files\Content.IE5\CG87JAVF\desktop.ini
- %TEMP%\RGI4.tmp
- 'pr##oun.kr':80
- pr##oun.kr/check_counter.php?pi#######################################
- DNS ASK pr##oun.kr
- ClassName: 'Indicator' WindowName: ''