Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'b2e3bac99a' = '%APPDATA%\b2e3bac99a\9408b2e3ba.exe'
- Компонент восстановления системы (SR)
- '<SYSTEM32>\vssadmin.exe' Delete Shadows /All /Quiet
- '<SYSTEM32>\svchost.exe' netsvcs
- '%WINDIR%\explorer.exe'
- <SYSTEM32>\svchost.exe
- %WINDIR%\explorer.exe
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP14\RestorePointSize
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP14\rp.log
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\RestorePointSize
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\rp.log
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP13\RestorePointSize
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP12\rp.log
- %APPDATA%\b2e3bac99a\9408b2e3ba.exe
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP13\rp.log
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP12\RestorePointSize
- 'bo###fszen.com':80
- 'ba###sugema.com':80
- 'am#####stictraining.com':80
- 'be####andblings.com':80
- 'bl#####restclocks.org':80
- 'bo###nmode.nl':80
- DNS ASK bo###fszen.com
- DNS ASK ba###sugema.com
- DNS ASK am#####stictraining.com
- DNS ASK be####andblings.com
- DNS ASK bl#####restclocks.org
- DNS ASK bo###nmode.nl
- ClassName: 'Indicator' WindowName: ''