Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'internet' = '%TEMP%\~Tmp009\winpsvm.exe'
- %TEMP%\~Tmp009\winpsvm.exe
- %TEMP%\ms3104.tmp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\web[1].htm
- <Текущая директория>\DVLA ICT contract let request form of 2012.doc
- %TEMP%\~Tmp009\winpsvm.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\web[1].htm
- 'up####.#ysecondarydns.com':80
- up####.#ysecondarydns.com/web.htm
- DNS ASK up####.#ysecondarydns.com
- '<IP-адрес в локальной сети>':1035
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'Indicator' WindowName: ''
- ClassName: 'WordPadClass' WindowName: ''