Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'sgnl' = '%WINDIR%\sgnl.exe'
- '%WINDIR%\sgnl.exe'
- '<SYSTEM32>\wermgr.exe' -queuereporting
- '<SYSTEM32>\taskhost.exe' $(Arg0)
- C:\ProgramData\Microsoft\RAC\Temp\sql8516.tmp
- C:\ProgramData\Microsoft\RAC\Temp\sqlC773.tmp
- C:\ProgramData\Microsoft\RAC\Temp\sqlC793.tmp
- %WINDIR%\sgnl.exe
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\1[1].txt
- C:\ProgramData\Microsoft\RAC\Temp\sql8536.tmp
- C:\ProgramData\Microsoft\RAC\Temp\sql8516.tmp
- C:\ProgramData\Microsoft\RAC\Temp\sql8536.tmp
- 'www.xf##s.com':80
- 'localhost':54804
- www.xf##s.com/1.txt?42
- DNS ASK www.xf##s.com
- ClassName: '(null)' WindowName: '(null)'