Техническая информация
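- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,%APPDATA%\dll\svchost.exe,' (штатное значение этого параметра — только '<SYSTEM32>\userinit.exe,'; программы, перечисленные в 'Userinit', запускаются при каждом входе пользователя в систему, поэтому при проверке следует сравнивать значение со штатным)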
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'dll' = '%APPDATA%\dll\svchost.exe'
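- %APPDATA%\dll\svchost.exe (имя файла совпадает с именем системного svchost.exe, который штатно находится в <SYSTEM32>; расположение одноимённого файла в %APPDATA% — признак для проверки)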
- %TEMP%\3ACCB.dmp
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\fifo.log
- %APPDATA%\dll\svchost.exe
- %TEMP%\dw.log
- <SYSTEM32>\wbem\Logs\wbemess.lo_
- 'su####raffic.co.cc':6667 (порт 6667 традиционно используется протоколом IRC; сам протокол на странице не указан)
- DNS ASK su####raffic.co.cc
- ClassName: 'Shell_TrayWnd' WindowName: ''