Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] 'Гв·СФщЛНёшДг.exe' = '<SYSTEM32>\Гв·СФщЛНёшДг.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce] 'Гв·СФщЛНёшДг.exe' = '<SYSTEM32>\Гв·СФщЛНёшДг.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Гв·СФщЛНёшДг.exe' = '<SYSTEM32>\Гв·СФщЛНёшДг.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'Гв·СФщЛНёшДг.exe' = '<SYSTEM32>\Гв·СФщЛНёшДг.exe'
- <SYSTEM32>\Гв·СФщЛНёшДг.exe
- C:\Гв·СФщЛНёшДг.exe
- <SYSTEM32>\cmd.exe /c 1.bat
- <SYSTEM32>\notepad.exe c:\8080»г±аКЦІб.txt
- <SYSTEM32>\Гв·СФщЛНёшДг.exe
- C:\1.bat
- C:\Гв·СФщЛНёшДг.exe
- C:\8080»г±аКЦІб.txt
- C:\8080»г±аКЦІб.txt
- C:\Гв·СФщЛНёшДг.exe
- 'ni####123.9966.org':9393
- DNS ASK ni####123.9966.org
- ClassName: 'Shell_TrayWnd' WindowName: ''