Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'FWgui' = '%WINDIR%\ram\FWgui.exe' (ключ автозапуска Run: указанный файл запускается при каждом входе пользователя в систему)
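- %WINDIR%\ram\svchost.exe 127.0.0.1 -n 60 (файл с именем svchost.exe расположен вне <SYSTEM32>; аргументы совпадают с синтаксисом ping — вероятно, используется для задержки выполнения, требует проверки)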
- %WINDIR%\ram\FWgui.exe
- <LS_APPDATA>\zaero.exe
- <SYSTEM32>\taskkill.exe /im fwgui.exe /f
- <SYSTEM32>\reg.exe add "hklm\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v FWgui /d "%WINDIR%\ram\FWgui.exe" /f
- <SYSTEM32>\taskkill.exe /im ipgeobase.exe /f
- %WINDIR%\ram\FWsrv.exe
- %WINDIR%\ram\FWgui.exe
- %TEMP%\2856M82N.bat
- %WINDIR%\ram\svchost.exe
- %TEMP%\size0.bat
- %TEMP%\cidr_ru_master_index.db
- <LS_APPDATA>\FWsrv.exe
- <LS_APPDATA>\FWgui.exe
- <LS_APPDATA>\zaero.exe
- %TEMP%\ipgeobase.exe
- %TEMP%\2760B5YS.bat
- %TEMP%\2856M82N.bat
- %TEMP%\2760B5YS.bat
- <LS_APPDATA>\FWsrv.exe
- <LS_APPDATA>\zaero.exe
- %TEMP%\2760B5YS.bat
- <LS_APPDATA>\FWgui.exe
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''
- ClassName: '' WindowName: ''