Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\SInternC] 'ImagePath' = '<SYSTEM32>\nasafemo.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\SInternC] 'Start' = '00000002'
- <SYSTEM32>\msndgy.exe
- <SYSTEM32>\msaacou.exe
- <SYSTEM32>\nasafemo.exe
- C:\winx86a\msfhurpp.exe "<Полный путь к вирусу>" 2464
- <SYSTEM32>\nasafemo.exe /install /silent
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\RestorePointSize
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\rp.log
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP14\RestorePointSize
- <SYSTEM32>\msndgy.exe
- <SYSTEM32>\msaacou.exe
- <SYSTEM32>\msovfk.dll
- <SYSTEM32>\mstlj.dll
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP12\rp.log
- <SYSTEM32>\nasafemo.exe
- C:\winx86a\msfhurpp.exe
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP12\RestorePointSize
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP14\rp.log
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP13\RestorePointSize
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP13\rp.log
- C:\winx86a\msfhurpp.exe
- '10.#.95.2':3232
- ClassName: 'Shell_TrayWnd' WindowName: ''