Техническая информация
- Ключ автозапуска: [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'UpdateM' = '%APPDATA%\mservice32_m.exe'
- Ключ автозапуска: [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'Update' = '' (пустое значение)
- %APPDATA%\mservice32_m.exe
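- Командная строка: <SYSTEM32>\rundll32.exe <SYSTEM32>\shimgvw.dll,ImageView_Fullscreen "%TEMP%\23696919.png" (открывает файл %TEMP%\23696919.png в стандартном средстве просмотра изображений Windows)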
- %APPDATA%\mservice32_m.exe
- %TEMP%\23696919.png
- %TEMP%\server_em.exe
- Узел и порт: 'ks####.kimsufi.com':80
- Запрашиваемый URL: ks####.kimsufi.com/check_version.php?em##
- DNS-запрос (DNS ASK): ks####.kimsufi.com
- '<IP-адрес в локальной сети>':1033
- ClassName: 'ShImgVw:CPreviewWnd' WindowName: ''
- ClassName: 'eter - s0:b4:p:548e40' WindowName: ''
- ClassName: 'EDIT' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''