Техническая информация
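- [<HKLM>\SYSTEM\ControlSet003\Services\wsuiyx] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы; то же значение задано в трёх следующих записях)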
- [<HKLM>\SYSTEM\ControlSet001\Services\ysuiyxdk] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\wsuiyx] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet002\Services\wsuiyx] 'Start' = '00000002'
- '%TEMP%\is-T4BQL.tmp\is-R7PJD.tmp' /SL4 $50092 %TEMP%\asf_avi_rm_wmv_repair.exe 558636 50688
- '%TEMP%\server_10.06_god_pec.exe'
- '%TEMP%\asf_avi_rm_wmv_repair.exe'
- '<SYSTEM32>\svchost.exe' -k wsuiyx (имя группы служб совпадает с именем службы wsuiyx из записей реестра выше)
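- NtQueryDirectoryFile, драйвер-обработчик: gadiip.sys (функция перечисления содержимого каталогов; её перехват драйвером обычно применяется для сокрытия файлов)
- NtDeviceIoControlFile, драйвер-обработчик: gadiip.sys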
- %TEMP%\is-T4BQL.tmp\is-R7PJD.tmp
- <DRIVERS>\gadiip.sys
- %TEMP%\is-VM03M.tmp\_shfoldr.dll
- <SYSTEM32>\gadiip.dll
- %TEMP%\asf_avi_rm_wmv_repair.exe
- %TEMP%\server_10.06_god_pec.exe
- <SYSTEM32>\0066c55.imi
- %TEMP%\server_10.06_god_pec.exe
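- 'go#.#nv4.com':1121 (порт 1121; символы # в имени домена, по-видимому, — маскировка, применённая в отчёте, поэтому полное имя из этой записи не восстанавливается)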
- DNS ASK go#.#nv4.com
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'