Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\Ctsaqep] 'Start' = '00000002'
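- '%TEMP%\ёьРВ.exe' (имя файла, по-видимому, задано в кодировке GBK и отображено здесь в CP1251: те же байты в GBK читаются как «更新.exe»; при поиске по имени файла стоит учитывать оба варианта)
- '<SYSTEM32>\svchost.exe' -k netsvcs
- '<SYSTEM32>\rundll32.exe' <SYSTEM32>\shimgvw.dll,ImageView_Fullscreen %TEMP%\Нј.jpg (аналогично, те же байты в GBK, по-видимому, дают имя «图.jpg»)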
- %PROGRAM_FILES%\wi179656nd.temp
- %WINDIR%\HowArMe.txt
- %WINDIR%\HowArMe.reg
- %WINDIR%\MySomeInfo.ini
- %TEMP%\ёьРВ.exe
- %TEMP%\Нј.jpg
- %PROGRAM_FILES%\wi178078nd.temp
- %WINDIR%\MySomeInfo.ini
- %TEMP%\ёьРВ.exe
- %WINDIR%\HowArMe.txt
- %WINDIR%\HowArMe.reg
- %TEMP%\Ctsaqep в C:\ProgramFiles\Ctsa.dll
- %PROGRAM_FILES%\wi179656nd.temp в %CommonProgramFiles%\360liveupdate.dll
- %PROGRAM_FILES%\wi178078nd.temp в %TEMP%\Ctsaqep
- 'lb#####8785.gicp.net':785
- DNS ASK lb#####8785.gicp.net
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'ShImgVw:CPreviewWnd' WindowName: '(null)'