Техническая информация
Изменения в реестре (автозапуск при старте системы):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'AdvancedInstallation' = '"%ALLUSERSPROFILE%\Application Data\Antivirus\Uninstall.exe" -advinstall'
Файл, на который ссылается запись автозапуска:
- %ALLUSERSPROFILE%\Application Data\Antivirus\Uninstall.exe
Сетевая активность (адрес:порт; символами «#» в источнике замаскирована часть значения):
- '<IP-адрес в локальной сети>':80
- 'localhost':1038
- '70.##.11.165':80
Запрашиваемые URL (параметры запроса замаскированы в источнике):
- 70.##.11.165/admin/cgi-bin/get_domain.php?ty###########
- 70.##.11.165/admin/cgi-bin/get_domain.php?ty#######
Окна, указанные по имени класса (WindowName не задан):
- ClassName: 'MS_WebcheckMonitor' WindowName: '(null)'
- ClassName: 'MS_AutodialMonitor' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'