Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'windesktop' = 'svckost.exe'
- '<SYSTEM32>\reg.exe' add HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v windesktop /t REG_SZ /d svckost.exe /f
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\url[1].txt
- 'ki####e.0fees.net':80
- 'localhost':1037
- ki####e.0fees.net/url.txt
- DNS ASK ki####e.0fees.net
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'Indicator' WindowName: '(null)'