Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\SecuIntC] 'ImagePath' = '<SYSTEM32>\securiintec.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\SecuIntC] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы)
- '<SYSTEM32>\msdmxk.exe'
- '<SYSTEM32>\mswufzv.exe'
- '<SYSTEM32>\securiintec.exe'
- 'C:\winx86a\msabzz.exe' "<Полный путь к вирусу>" 2848
- '<SYSTEM32>\securiintec.exe' /install /silent
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\RestorePointSize
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\rp.log
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP14\RestorePointSize
- <SYSTEM32>\msdmxk.exe
- <SYSTEM32>\mswufzv.exe
- <SYSTEM32>\msanh.dll
- <SYSTEM32>\msvjanzu.dll
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP12\rp.log
- <SYSTEM32>\securiintec.exe
- C:\winx86a\msabzz.exe
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP12\RestorePointSize
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP14\rp.log
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP13\RestorePointSize
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP13\rp.log
- C:\winx86a\msabzz.exe
- 'em####as.no-ip.biz':53125
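- DNS ASK em####as.no-ip.biz (DNS-запрос имени узла; no-ip.biz — домен сервиса динамического DNS, поэтому IP-адрес узла может меняться)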
- ClassName: 'Shell_TrayWnd' WindowName: '(null)' (класс окна панели задач Windows)