Техническая информация
- [<HKCU>\Control Panel\Desktop] 'SCRNSAVE.EXE' = '"%APPDATA%\vx342LCT.exe"'
- %APPDATA%\vx342LCT.exe
- <SYSTEM32>\rundll32.exe desk.cpl,InstallScreenSaver %APPDATA%\vx342LCT.exe
- %APPDATA%\Microsoft\Windows\Themes\Custom.theme
- %TEMP%\.awz
- %PROGRAM_FILES%\MonProduit\Uninstal.exe
- %PROGRAM_FILES%\MonProduit\Uninstal.$$A
- %APPDATA%\vx342LCT.$$A
- 'jo###ca.x10.mx':80
- jo###ca.x10.mx/fake.php?us##################################
- DNS ASK jo###ca.x10.mx
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'InstItClass' WindowName: ''