Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Kris' = 'c:\Server.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] ':\Program Files\Common Files\svchtst.exe 20129472329.exe' = '%CommonProgramFiles%\svchtst.exe 20129472329.exe'
- %CommonProgramFiles%\svchtst.exe 20129472329.exe
- C:\Server.exe
- C:\417.exe
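- C:\DNFЧоРВ°жГлЕДВфРРГв·С°ж.exe (имя искажено кодировкой: байты GBK отображены как Windows-1251; при обратном преобразовании получается «DNF最新版秒拍卖行免费版.exe»; то же имя повторяется ниже в списке)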
- <SYSTEM32>\taskkill.exe /f /im Ksafetray.exe
- <SYSTEM32>\wbem\wmiprvse.exe
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\drivetable.txt
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\_filelst.cfg
- C:\Server.exe
- C:\417.exe
- C:\DNFЧоРВ°жГлЕДВфРРГв·С°ж.exe
- C:\Server.exe
- C:\DNFЧоРВ°жГлЕДВфРРГв·С°ж.exe
- C:\417.exe
- <SYSTEM32>\Restore\MachineGuid.txt
- из C:\417.exe в %CommonProgramFiles%\svchtst.exe 20129472329.exe
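- 'xq#####6100.gicp.net':8050 (символы ##### здесь и в именах узлов ниже — по-видимому, часть имени, скрытая в источнике; полное имя по этой записи не восстанавливается)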
- 'xx#####1983.gicp.net':9000
- DNS ASK xq#####6100.gicp.net
- DNS ASK xx#####1983.gicp.net
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: '' WindowName: ''