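Техническая информация
Заголовки разделов в этой выгрузке не сохранились. Судя по виду записей, ниже по порядку идут: изменения реестра для автозапуска, пути к файлам и процессам, сетевые адреса и запросы, классы окон.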
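- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'UserInit' = '<SYSTEM32>\userinit.exe,C:\DOCUME~1\%USERNAME%\LOCALS~1\Temp\MSDCSC\msdcsc.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'rundll32' = '%TEMP%\MSDCSC\msdcsc.exe'
  Примечание: в значении 'UserInit' штатный путь к userinit.exe сохранён, а второй путь дописан через запятую; при очистке значение нужно вернуть к штатному виду ('<SYSTEM32>\userinit.exe,'), а не удалять его, иначе вход в систему может перестать работать. Параметр в ключе Run назван 'rundll32', как системная утилита, но его данные указывают на файл в %TEMP%, поэтому проверять нужно данные параметра, а не только его имя.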
- '%TEMP%\SERVAR.EXE'
- '%TEMP%\MSDCSC\msdcsc.exe'
- '%TEMP%\111111.exe'
- '%TEMP%\install_flashplayer13x32_mssa_awb_aih.exe'
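- '<SYSTEM32>\notepad.exe'
- <SYSTEM32>\notepad.exe
  Примечание: notepad.exe — штатный файл Windows и сам по себе индикатором не является; эти записи, по-видимому, относятся к запуску процесса или внедрению в него, но заголовки, которые это уточняли бы, здесь отсутствуют.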
- %APPDATA%\Microsoft\CryptnetUrlCache\Content\60E31627FDA0A46932B0E5948949F2A5
- %APPDATA%\Microsoft\CryptnetUrlCache\MetaData\60E31627FDA0A46932B0E5948949F2A5
- %APPDATA%\Microsoft\CryptnetUrlCache\Content\8DFDF057024880D7A081AFBF6D26B92F
- %APPDATA%\Microsoft\CryptnetUrlCache\MetaData\8DFDF057024880D7A081AFBF6D26B92F
- %TEMP%\SERVAR.EXE
- %TEMP%\111111.exe
- %TEMP%\MSDCSC\msdcsc.exe
- %TEMP%\install_flashplayer13x32_mssa_awb_aih.exe
- %TEMP%\MSDCSC\msdcsc.exe
- 'crl.verisign.com':80
- 'dd#####ata.zapto.org':871
- 'wp#d':80
- crl.verisign.com/pca3-g5.crl
- crl.verisign.com/pca3.crl
- wp#d/wpad.dat
- DNS ASK crl.verisign.com
- DNS ASK ev######.ws.symantec.com
- DNS ASK wp#d
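- DNS ASK dd#####ata.zapto.org
  Примечание: crl.verisign.com (файлы pca3.crl и pca3-g5.crl) — адрес списков отзыва сертификатов, ev######.ws.symantec.com, по-видимому, относится к той же проверке сертификатов, а файлы в CryptnetUrlCache выше — кэш таких проверок. Запрос wp#d/wpad.dat выглядит как автоматическое определение прокси (WPAD). Для обнаружения и блокировки из сетевых записей специфичен только узел dd#####ata.zapto.org, порт 871 (домен службы динамического DNS); остальные адреса встречаются и в обычном трафике Windows.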
- ClassName: '#32770' WindowName: '(null)'
- ClassName: 'SysListView32' WindowName: '(null)'
- ClassName: 'Indicator' WindowName: '(null)'
- ClassName: '#32770' WindowName: '<Служебное имя>'