Техническая информация
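- Автозапуск через реестр (объекты, перечисленные в ключе ShellServiceObjectDelayLoad, загружаются оболочкой Windows при её старте; библиотека, на которую указывает этот CLSID, на странице не названа): [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] 'ntvdgtx' = '{537be37e-dbf3-2048-ec04-dbf36bf60803}'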
- '%HOMEPATH%\121.exe'
- '%TEMP%\RarSFX0\zzp8288.exe'
- '%TEMP%\RarSFX0\51.exe'
- '%ALLUSERSPROFILE%\Favorites\5.exe'
- '%ALLUSERSPROFILE%\Favorites\6.exe'
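- '<SYSTEM32>\rundll32.exe' <SYSTEM32>\puvkdxjr.dat s (файл с расширением .dat передаётся rundll32.exe, то есть, по-видимому, загружается как DLL; запуск rundll32.exe с аргументом, не имеющим расширения .dll, — удобный признак для обнаружения)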
- <SYSTEM32>\puvkdxjr.dat
- %TEMP%\nsn2.tmp\System.dll
- <SYSTEM32>\agiqtgk.dll
- <SYSTEM32>\ioqybos.dll
- <SYSTEM32>\msucfsw.dll
- %ALLUSERSPROFILE%\Favorites\6.exe
- %ALLUSERSPROFILE%\Favorites\5.exe
- %TEMP%\RarSFX0\51.exe
- %HOMEPATH%\121.exe
- %TEMP%\RarSFX0\zzp8288.exe
- <SYSTEM32>\ioqybos.dll
- %TEMP%\RarSFX0\51.exe
- %TEMP%\nsn2.tmp\System.dll
- %TEMP%\RarSFX0\zzp8288.exe в %TEMP%\91.TMP
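- Сетевые подключения, порт 80 (символы «##», по-видимому, скрывают часть имени хоста: «#» не является допустимым символом DNS-имени, поэтому искать в журналах DNS и прокси надёжнее по доменам u25c2b.com и s2b6v5.com):
- 'v3##.u25c2b.com':80
- 'v2##.u25c2b.com':80
- 's1##.s2b6v5.com':80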
- DNS ASK v3##.u25c2b.com
- DNS ASK v2##.u25c2b.com
- DNS ASK s1##.s2b6v5.com
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'EDIT' WindowName: '(null)'