Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Update' = '%HOMEPATH%\Start Menu\Programs\Startup\filename.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Update' = '%HOMEPATH%\Start Menu\Programs\Startup\filename.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Update' = '%APPDATA%\filename.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Update' = '%APPDATA%\filename.exe'
- %HOMEPATH%\Start Menu\Programs\Startup\filename.exe
- '%HOMEPATH%\Start Menu\Programs\Startup\filename.exe'
- '%APPDATA%\filename.exe'
- '<SYSTEM32>\dumprep.exe' 1656 -dm 7 7 %TEMP%\WERba5a.dir00\ctfmon.exe.mdmp 16325836412027256
- <SYSTEM32>\ctfmon.exe
- el_cli.ex
- l2.bin
- webmoney.exe
- AVP.EXE
- lin.bin
- avgcc.exe
- firefox.exe
- InphaseNXD.exe
- contactNG.exe
- AVP.COM
- el_cli.ex
- AVPCC.EXE
- httplook.exe
- nod32.exe
- inbank-start-ff.exe
- MCAGENT.EXE
- bc_loader.exe
- maplestory.exe
- wclnt.exe
- bclient.exe
- ashAvSrv.exe
- UniStream.exe
- AVGCC32.EXE
- lotroclient.exe
- tiny.exe
- AVGCTRL.EXE
- magent.exe
- translink.exe
- %ProgramFiles%\Client\client.exe
- %APPDATA%\filename.exe
- %APPDATA%\filename.exe
- '21#.#29.4.178':3535