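Техническая информация
Примечание: подзаголовки разделов в этом фрагменте не сохранились. Ниже по порядку идут: значения 'Update' в ключах автозапуска Run (HKLM и HKCU), командные строки, имена процессов (их роль на странице не указана), пути к файлам и сетевой адрес с портом (адрес частично скрыт). Команда schtasks в списке создаёт задачу «Audio», которая запускается при входе пользователя в систему (/sc onlogon) с наивысшими правами (/rl highest); ключ /f перезаписывает существующую задачу с тем же именем.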
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Update' = '%HOMEPATH%\Favorites\filename.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Update' = '%HOMEPATH%\Favorites\filename.exe'
- '%HOMEPATH%\Favorites\filename.exe'
- '<SYSTEM32>\schtasks.exe' /create /sc onlogon /tn "Audio" /rl highest /tr "'%ProgramFiles%\Battery\audiomgr.exe' /startup" /f
- '<SYSTEM32>\rundll32.exe' <SYSTEM32>\sysdm.cpl,NoExecuteProcessException <SYSTEM32>\ctfmon.exe
- '<SYSTEM32>\dumprep.exe' 1660 -dm 7 7 %TEMP%\WER5fec.dir00\ctfmon.exe.mdmp 16325836412027256
- '<SYSTEM32>\dumprep.exe' 1660 -dm 7 7 %TEMP%\WER5fec.dir00\ctfmon.exe.hdmp 16325836412027276
- <SYSTEM32>\svchost.exe
- kb_cli.ex
- <SYSTEM32>\cmd.exe
- fsav32.exe
- bclient.exe
- elementclient.exe
- GVOnline.bin
- gw.exe
- startclient7.exe
- ecmd.exe
- iexplore.exe
- gc.exe
- firefox.exe
- ge.exe
- bdagent.exe
- inbank-start-ff.exe
- tiny.exe
- aion.exe
- lin.bin
- ISClient.exe
- outpost.exe
- dnf.exe
- ZONEALARM.EXE
- ccapp.exe
- ashAvSrv.exe
- httplook.exe
- dekaron.exe
- intpro.exe
- l2.bin
- iscc.exe
- UniStream.exe
- %TEMP%\WER5fec.dir00\ctfmon.exe.hdmp
- %TEMP%\WER5fec.dir00\appcompat.txt
- %TEMP%\WER5fec.dir00\manifest.txt
- %HOMEPATH%\Favorites\filename.exe
- %ProgramFiles%\Battery\audiomgr.exe
- %TEMP%\WER5fec.dir00\ctfmon.exe.mdmp
- '19#.#23.25.88':3333