Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '' = '%HOMEPATH%\Start Menu\Programs\Startup\localtmp.exe'
- %HOMEPATH%\Start Menu\Programs\Startup\localtmp.exe
- '%TEMP%\ID Maker V2.3.exe'
- '%HOMEPATH%\Start Menu\Programs\Startup\localtmp.exe' ONCE
- %TEMP%\ID Maker V2.3.exe
- 'nc#####aker.blogfa.com':80
- 'wp#d':80
- nc#####aker.blogfa.com/page/per2
- wp#d/wpad.dat
- DNS ASK nc#####aker.blogfa.com
- DNS ASK wp#d
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'Indicator' WindowName: '(null)'