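Техническая информация
(Заголовки разделов в этом фрагменте не сохранились, поэтому одни и те же пути повторяются в нескольких списках: по всей видимости, списки относятся к разным группам действий — запись в реестр для автозапуска, запуск, создание и удаление файлов, сетевая активность, поиск окон. Какой список к какой группе относится, по самому тексту однозначно установить нельзя. Символы «###» в именах хостов — по-видимому, маскировка части домена в источнике, а не часть настоящего имени. Имена winlogon32.exe и taskhost32.exe похожи на названия системных процессов, но файлы расположены в %APPDATA% и %TEMP%.)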
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'SystemHost' = '%APPDATA%\winlogon32.exe'
- '%APPDATA%\taskhost32.exe'
- '%APPDATA%\winlogon32.exe'
- %APPDATA%\winlogon32.exe
- %APPDATA%\taskhost32.exe
- %APPDATA%\%USERNAME%.0FABFBFF000206C2.ini
- %TEMP%\aut3.tmp
- %TEMP%\taskhost32.exe
- %TEMP%\aut1.tmp
- %TEMP%\winlogon32.exe
- %TEMP%\aut2.tmp
- %APPDATA%\winlogon32.exe
- %APPDATA%\taskhost32.exe
- %TEMP%\winlogon32.exe
- %TEMP%\aut3.tmp
- %TEMP%\taskhost32.exe
- %TEMP%\aut1.tmp
- %TEMP%\aut2.tmp
- 'www.wa###men.cba.pl':80
- www.wa###men.cba.pl/clients/All.txt
- www.wa###men.cba.pl/clients/URNXYMAV.0FABFBFF000206C2.txt
- www.wa###men.cba.pl/index.php
- DNS ASK www.wa###men.cba.pl
- ClassName: 'Indicator' WindowName: ''