Техническая информация
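- Запись автозапуска в реестре: [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'antivirus' = '<SYSTEM32>\msved.exe' (файл из системного каталога прописан в ключе Run под именем параметра 'antivirus' и запускается при входе пользователя в систему)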
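- %HOMEPATH%\cress.exe
- <SYSTEM32>\msved.exe
- %APPDATA%\myregister.dll
- %HOMEPATH%\cress.exe
- %HOMEPATH%\cress.exe
- %APPDATA%\myregister.dll
  (Пути повторяются; по-видимому, записи относились к разным операциям с файлами, но заголовки разделов в этой выдержке не сохранились, поэтому тип операции для каждой строки по тексту установить нельзя.)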
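- Сетевое соединение: 'do####.linuxd.org':80
- Сетевое соединение: 'do####.tombu.net':443
- DNS-запрос: DNS ASK do####.linuxd.org
- DNS-запрос: DNS ASK do####.tombu.net
  (Имена узлов частично скрыты символами '#', поэтому точные значения для правил обнаружения из этого текста получить нельзя; для сопоставления пригодны только домены второго уровня и порты.)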
- '<IP-адрес в локальной сети>':1035
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''