Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'TCP Service' = '%PROGRAM_FILES%\TCP Service\tcpsv.exe'
- '%HOMEPATH%\78b89jt637r8r\SdGOZHfYZsPL.exe' mFCoLQKLSwr.ANJ
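- '<SYSTEM32>\rundll32.exe' dfdts.dll,DfdGetDefaultPolicyAndSMART (по-видимому, штатная задача диагностики дисков Windows, то есть фоновая активность системы, а не действие самого образца)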
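- '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe'
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe (RegSvcs.exe — штатная утилита .NET Framework; сам по себе этот путь не является индикатором компрометации, оценивать его нужно только вместе с остальными записями списка)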
- %HOMEPATH%\78b89jt637r8r\fHWuiqMUt.WVM
- %APPDATA%\Roaming\FDAAD129-04DF-4089-BB80-174CE725F721\run.dat
- %PROGRAM_FILES%\TCP Service\tcpsv.exe
- %HOMEPATH%\78b89jt637r8r\prFyBLWmwDgz.UAG
- %HOMEPATH%\78b89jt637r8r\SdGOZHfYZsPL.exe
- %HOMEPATH%\78b89jt637r8r\mFCoLQKLSwr.ANJ
- %HOMEPATH%\78b89jt637r8r\mFCoLQKLSwr.ANJ
- %HOMEPATH%\78b89jt637r8r\fHWuiqMUt.WVM
- %HOMEPATH%\78b89jt637r8r\prFyBLWmwDgz.UAG
- %HOMEPATH%\78b89jt637r8r\SdGOZHfYZsPL.exe
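- 'ca####k.mooo.com':9033 (mooo.com — общий домен сервиса динамического DNS; индикатором служит конкретный поддомен, здесь он замаскирован, а не весь домен mooo.com)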
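- DNS ASK dn#.##ftncsi.com (маска, по-видимому, соответствует домену проверки сетевого подключения Windows (NCSI); скорее всего, это системный запрос, а не адрес управляющего сервера)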
- DNS ASK ca####k.mooo.com
- ClassName: 'EDIT' WindowName: '(null)'