Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\Windows WinScare Diagnostics Service] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\WinScare Service] 'Start' = '00000002'
- <SYSTEM32>\svcscrwin.exe
- <SYSTEM32>\wdrwscsvc.exe /i
- <SYSTEM32>\svcscrwin.exe /start
- <SYSTEM32>\svcscrwin.da.exe /stop
- <SYSTEM32>\svcscrwin.exe /i
- %WINDIR%\explorer.exe
- %WINDIR%\explorer.exe
- %PROGRAM_FILES%\WinScare\winscrb.da
- %PROGRAM_FILES%\WinScare\winscrs.da_
- <SYSTEM32>\wdrwscsvc.da
- %PROGRAM_FILES%\WinScare\winscrb.da_
- %PROGRAM_FILES%\WinScare\winscrr.exe.da
- %PROGRAM_FILES%\WinScare\uninst.exe
- %PROGRAM_FILES%\WinScare\winscrs.da
- %PROGRAM_FILES%\WinScare\winscrr.exe.da_
- <SYSTEM32>\wdrwscsvc.da_
- %TEMP%\nss2.tmp\nsProcEx.dll
- %TEMP%\nss2.tmp\winscrs.da_
- %TEMP%\nss2.tmp\SelfDel.dll
- %TEMP%\nss2.tmp\System.dll
- <SYSTEM32>\svcscrwin.da_
- <SYSTEM32>\svcscrwin.da
- %TEMP%\nss2.tmp\winscrs.dll
- %TEMP%\nss2.tmp\nsProcess.dll
- %TEMP%\nss2.tmp\nsProcEx.dll
- %TEMP%\nss2.tmp\nsProcess.dll
- %TEMP%\nss2.tmp\SelfDel.dll
- %TEMP%\nss2.tmp\winscrs.dll
- %TEMP%\nss2.tmp\System.dll
- %PROGRAM_FILES%\WinScare\winscrr.exe.da_
- <SYSTEM32>\svcscrwin.da_
- %TEMP%\nss2.tmp\winscrs.da_
- <SYSTEM32>\wdrwscsvc.da_
- %PROGRAM_FILES%\WinScare\winscrs.da_
- %PROGRAM_FILES%\WinScare\winscrb.da_
- 'www.dd###zplus.com':80
- DNS ASK www.dd###zplus.com