Техническая информация
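- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Microsoft Windows Templates' = '%TEMP%\svchost.exe' (автозапуск при входе пользователя в систему; штатный svchost.exe находится в %SystemRoot%\System32, а не в %TEMP%)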
- '%TEMP%\winsystemx86.exe' MZ[нечитаемый символ]
- '%TEMP%\winsystemx86.exe' (загружен из сети Интернет)
- %TEMP%\zlib1.dll
- %TEMP%\winsystemx86.exe
- %TEMP%\libcurl-4.dll
- %TEMP%\pthreadGC2.dll
- 'gd###rve.com':80
- 'gd###rve.comx32':80 (так в отчёте: имя хоста без разделителя «/» перед x32; ср. gd###rve.com/x32/ в других запросах)
- 'wp#d':80
- gd###rve.com/x32/zlib1.dll
- gd###rve.com/x32/winsystemx86.exe
- gd###rve.com/param.txt
- wp#d/wpad.dat
- gd###rve.comx32/libcurl-4.dll
- gd###rve.com/x32/pthreadGC2.dll
- DNS ASK gd###rve.com
- DNS ASK gd###rve.comx32
- DNS ASK wp#d
- ClassName: 'Indicator' WindowName: '(null)'