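Техническая информация (наблюдаемые индикаторы: параметры служб в реестре, исполняемые файлы и команды запуска, пути к файлам, сетевые адреса и DNS-запросы, классы окон)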
- [<HKLM>\SYSTEM\ControlSet001\Services\trfovwdtkrn] 'ImagePath' = '<SYSTEM32>\msktdo.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\trfovwdtkrn] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\winmgmt] 'Start' = '00000002'
- '<SYSTEM32>\msktdo.exe'
- '<SYSTEM32>\msbikezo.exe'
- '<SYSTEM32>\msepeta.exe'
- 'C:\temp\photo.exe'
- '<SYSTEM32>\rundll32.exe' <SYSTEM32>\shimgvw.dll,ImageView_Fullscreen C:\temp\Pasaporte Miguel Angel Perez.jpg
- '<SYSTEM32>\msktdo.exe' /install /silent "Data Overview Kernel Transfer"
- <SYSTEM32>\msbikezo.exe
- <SYSTEM32>\msvijol.dll
- <SYSTEM32>\msktdo.exe
- <SYSTEM32>\msepeta.exe
- C:\temp\Pasaporte Miguel Angel Perez.jpg
- C:\temp\photo.exe
- <SYSTEM32>\mstutele.dll
- <SYSTEM32>\mslazixe.dll
- C:\temp\photo.exe
- 'po#.#mail.com':995
- 'im#####orrlp.ddns.net':53125
- '17#.#6.243.178':53125
- DNS ASK po#.#mail.com
- DNS ASK im#####orrlp.ddns.net
- ClassName: 'ShImgVw:CPreviewWnd' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''