Техническая информация
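Записи автозапуска в реестре (раздел RunOnce текущего пользователя; Windows удаляет значения RunOnce при их выполнении, поэтому отсутствие записи при проверке не исключает заражения):
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'nservice32' = '"%APPDATA%\nservice32.exe" rk auto'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'nservice32' = '"%TEMP%\serwer.exe" rk auto'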
Командные строки процессов (исполняемый файл и аргументы):
- '%TEMP%\0.EXE'
- '%APPDATA%\nservice32.exe' rk auto
- '%TEMP%\nservice64.exe' -pf9d2zb87
- '%TEMP%\serwer.exe'
Файлы (каталог CryptnetUrlCache — системный кэш Windows для загруженных списков отзыва и сертификатов; такие файлы появляются и при обычной проверке подписей, поэтому индикаторами служат прежде всего исполняемые файлы в %TEMP% и %APPDATA%):
- %APPDATA%\Microsoft\CryptnetUrlCache\MetaData\8DFDF057024880D7A081AFBF6D26B92F
- %APPDATA%\Microsoft\CryptnetUrlCache\Content\60E31627FDA0A46932B0E5948949F2A5
- %APPDATA%\Microsoft\CryptnetUrlCache\Content\8DFDF057024880D7A081AFBF6D26B92F
- %APPDATA%\Microsoft\CryptnetUrlCache\Content\62B5AF9BE9ADC1085C3C56EC07A82BF6
- %APPDATA%\Microsoft\CryptnetUrlCache\MetaData\62B5AF9BE9ADC1085C3C56EC07A82BF6
- %TEMP%\serwer.exe
- %TEMP%\nservice64.exe
- %TEMP%\0.EXE
- %APPDATA%\Microsoft\CryptnetUrlCache\MetaData\60E31627FDA0A46932B0E5948949F2A5
- %APPDATA%\nservice32.exe
Сетевые подключения (узел:порт):
- 'crl.verisign.com':80
- 'cs######0-crl.verisign.com':80
- '21#.#86.57.81':80
- 'wp#d':80
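HTTP-запросы (адреса с расширением .crl на узлах verisign.com — по всей видимости, загрузка списков отзыва сертификатов, обычная для Windows при проверке цифровой подписи; блокировать или использовать их как индикаторы компрометации не следует):
- http://crl.verisign.com/pca3-g5.crl
- http://cs######0-crl.verisign.com/CSC3-2010.crl
- http://crl.verisign.com/pca3.crl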
- http://21#.#86.57.81/add/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa...
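- http://11#.#11.111.1/wpad.dat via wp#d (запрос wpad.dat — по всей видимости, автоматическое обнаружение прокси, типичное для Windows и само по себе не указывающее на заражение)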
DNS-запросы:
- DNS ASK cs######0-crl.verisign.com
- DNS ASK crl.verisign.com
- DNS ASK wp#d
Окна (имя класса и заголовок):
- ClassName: 'MS_WINHELP' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''