Техническая информация
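- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'Explorer.exe rundll32.exe glrl.rvo hdppn' (автозапуск при входе пользователя в систему: к штатному значению 'Explorer.exe' дописан вызов rundll32.exe для файла glrl.rvo; любое отличие параметра Shell от значения по умолчанию — повод для проверки системы)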
- %TEMP%\nsh3.tmp\webtraff.exe
- %TEMP%\nsh3.tmp\CB-WP.exe
- %TEMP%\nsh3.tmp\dnu.exe
- %TEMP%\nsh3.tmp\verter.exe
- %TEMP%\nsh3.tmp\e4u.exe
- %TEMP%\nsh3.tmp\ep.exe
- <SYSTEM32>\wbem\wmiadap.exe /R /T
- <SYSTEM32>\svchost.exe
- <SYSTEM32>\svchost.exe
- <SYSTEM32>\spoolsv.exe
- <SYSTEM32>\glrl.rvo
- %TEMP%\5.tmp
- %TEMP%\~4.bat
- %TEMP%\6.tmp
- %TEMP%\Aqz..bat
- <SYSTEM32>\wbem\Performance\WmiApRpl_new.ini
- %WINDIR%\Temp\8.tmp
- %TEMP%\nsh3.tmp\e4u.exe
- %TEMP%\nsh3.tmp\verter.exe
- %TEMP%\nsl2.tmp
- %TEMP%\nsh3.tmp\ep.exe
- %TEMP%\nsh3.tmp\dnu.exe
- %TEMP%\nsh3.tmp\CB-WP.exe
- %TEMP%\nsh3.tmp\webtraff.exe
- %TEMP%\~4.bat
- %TEMP%\~4.bat
- %TEMP%\nsh3.tmp\webtraff.exe
- <SYSTEM32>\spool\prtprocs\w32x86\7.tmp
- %WINDIR%\Temp\8.tmp
- %TEMP%\nsh3.tmp\verter.exe
- %TEMP%\nsh3.tmp\dnu.exe
- %TEMP%\nsh3.tmp\CB-WP.exe
- %TEMP%\nsh3.tmp\ep.exe
- %TEMP%\nsh3.tmp\e4u.exe
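- %TEMP%\6.tmp в <SYSTEM32>\spool\prtprocs\w32x86\7.tmp (файл из первого пути помещается во второй; prtprocs\w32x86 — каталог обработчиков печати, из которого служба spoolsv.exe загружает зарегистрированные библиотеки, поэтому посторонние файлы в нём стоит проверять)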
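- 'wo####tsstudio.com':80 (обращение к узлу по порту 80; символы '#' скрывают часть имени домена, поэтому без восстановления полного имени строка не годится как готовый индикатор для блокировки)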
- DNS ASK wo####tsgallery.com
- DNS ASK co###-arts.com
- DNS ASK av##i.com
- DNS ASK wo####tsstudio.com
- DNS ASK cb###uuepq.com
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: '' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''