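Техническая информация
Примечание: подзаголовки разделов исходного отчёта при извлечении текста утрачены. По виду записей ниже перечислены: значения автозапуска в ключах реестра Run и policies\Explorer\Run; пути к файлам (повторы одного и того же пути, по-видимому, относились к разным действиям с файлом); сетевые адреса с портами и DNS-запрос; классы и заголовки окон, среди которых есть заголовки утилит мониторинга процессов. Файл svchost.exe здесь расположен в подкаталоге <SYSTEM32>\xGtoLoV\, а не непосредственно в <SYSTEM32>, где находится системный svchost.exe. Символы «#» в адресах, по-видимому, скрыты в самом отчёте, а «?» в заголовках окон — это символы, потерянные при перекодировке; восстановить их по этому тексту нельзя.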
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'lgjrWVXcAWJuA' = '<SYSTEM32>\xGtoLoV\svchost.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run] 'lgjrWVXcAWJuA' = '<SYSTEM32>\xGtoLoV\svchost.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'lgjrWVXcAWJuA' = '<SYSTEM32>\xGtoLoV\svchost.exe'
- <SYSTEM32>\xGtoLoV\svchost.exe
- <Текущая директория>\NMTHMIIa.bat
- <SYSTEM32>\xGtoLoV\svchost.exe
- <Текущая директория>\NMTHMIIa.bat
- <SYSTEM32>\xGtoLoV\svchost.exe
- %TEMP%\~DFB559.tmp
- 'ku####.codns.com':11900
- '1.###.38.153':8080
- DNS ASK ku####.codns.com
- ClassName: '' WindowName: '???? - V3 Lite'
- ClassName: '' WindowName: '?????? ??'
- ClassName: '' WindowName: 'Kernel Detective v1.4.0 :: svchost.exe'
- ClassName: '' WindowName: 'svchost.exe ??'
- ClassName: '' WindowName: 'Process Hacker [CRNJEUFU\%USERNAME%]'
- ClassName: '' WindowName: 'Process Explorer - Sysinternals: www.sysinternals.com'
- ClassName: '' WindowName: '???? ???? ???'
- ClassName: '' WindowName: '???? ??'
- ClassName: '' WindowName: '?????? v 1.91'
- ClassName: '' WindowName: '?????? v 2.1'
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'Indicator' WindowName: ''
- ClassName: '' WindowName: '??? ?? ??'
- ClassName: '' WindowName: 'Kernel Detective v1.4.0 :: System Idle Process'
- ClassName: '' WindowName: '???? [EzClean]'
- ClassName: '' WindowName: '????'