Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'AutoAudio.exe' = '"%TEMP%\avp.exe"'
- [<HKLM>\SYSTEM\ControlSet001\Services\Spooler] 'Start' = '00000002'
- <SYSTEM32>\cscript.exe ""%TEMP%\temp.vbs""
- %TEMP%\print32.dll
- %TEMP%\avp.exe
- %CommonProgramFiles%\odbc.nls
- <SYSTEM32>\wmsec.dat
- %WINDIR%\0B54_cscript.exe_0.ndmp
- %TEMP%\Taniltsuulga.doc .exe
- %TEMP%\Taniltsuulga-.doc.exe
- %TEMP%\Taniltsuulga-.doc
- %TEMP%\temp.vbs
- %TEMP%\svchost.exe
- <SYSTEM32>\wmsec.dat
- %TEMP%\print32.dll
- %TEMP%\temp.vbs
- %TEMP%\Taniltsuulga.doc .exe
- 'mo###l1.mine.nu':53
- DNS ASK mo###l1.mine.nu
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'WordPadClass' WindowName: ''