Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'vJw19O' = '%HOMEPATH%\zZb70P\2.exe'
- [<HKCU>\Software\Microsoft\Windows\Currentversion\RunOnce] 'Microsoft' = '%LOCALAPPDATA%\svchost.exe'
- %WINDIR%\syswow64\svchost.exe
- iexplore.exe
- Процесс iexplore.exe, модуль wininet.dll
- Процесс firefox.exe, модуль nss3.dll
- %TEMP%\aute1c7.tmp
- %TEMP%\zbv13h.uh9
- %HOMEPATH%\rjd38f.txt
- %LOCALAPPDATA%\svchost.exe
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\svchost.exe
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\rcxe706.tmp
- %TEMP%\zbv13h.uh9
- %HOMEPATH%\rjd38f.txt
- %LOCALAPPDATA%\svchost.exe
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\svchost.exe
- %TEMP%\aute1c7.tmp
- %TEMP%\zbv13h.uh9
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\rcxe706.tmp в %LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\svchost.exe
- '%LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\svchost.exe'
- '%WINDIR%\syswow64\svchost.exe'