Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] 'WebCheck' = '{E6FB5E20-DE35-11CF-9C87-00AA005127ED}'
- [<HKLM>\SYSTEM\ControlSet001\Control\Print\Providers\_print_me] 'Name' = '%TEMP%\lkpkred9.dll'
- <SYSTEM32>\spoolsv.exe
- iexplore.exe
- <SYSTEM32>\lkpkred9.dll
- %WINDIR%\Temp\~01DB9F.tmp
- %TEMP%\lkpkred9.dll
- 'to###ogi.com':80
- to###ogi.com/tip/gate.php?id############################
- DNS ASK to###ogi.com
- '<IP address on the local network>':1037