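Техническая информация
Примечание: заголовки разделов в этом фрагменте не сохранились. Судя по содержимому, первые две записи — значения реестра в ключах автозапуска (RunOnce и policies\Explorer\Run); строки с путями в кавычках — командные строки запускаемых процессов; далее идут пути к файлам (списки повторяются, так как, по-видимому, относятся к разным операциям с одними и теми же файлами); последняя строка, по-видимому, описывает окно, к которому обращается образец. <SYSTEM32>\notepad.exe — штатный компонент Windows: в этой записи значим не он сам, а передаваемый ему файл %TEMP%\WinUpdate.txt.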
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'Java Virtual Machine' = 'wingtsv.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run] 'Explorer Options' = ''
- '%TEMP%\pxrilqq.exe'
- '<SYSTEM32>\wnsydrv.exe' a
- '%WINDIR%\File1.exe'
- '%WINDIR%\Registration\WinUpdate.exe'
- '<SYSTEM32>\notepad.exe' %TEMP%\WinUpdate.txt
- <SYSTEM32>\wingtsv.exe
- <SYSTEM32>\wnsydrv.exe
- <SYSTEM32>\fsdutil.exe
- <SYSTEM32>\ntvdc.exe
- %WINDIR%\Registration\WinUpdate.exe
- %WINDIR%\File1.exe
- %TEMP%\pxrilqq.exe
- %TEMP%\WinUpdate.txt
- <SYSTEM32>\ntvdc.exe
- <SYSTEM32>\fsdutil.exe
- <SYSTEM32>\wnsydrv.exe
- <SYSTEM32>\wingtsv.exe
- <SYSTEM32>\ntvdc.exe
- <SYSTEM32>\fsdutil.exe
- <SYSTEM32>\wnsydrv.exe
- <SYSTEM32>\wingtsv.exe
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'