Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'XXXXXX7F24A659' = '%WINDIR%\XXXXXX7F24A659.exe'
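- '%TEMP%\cetrainers\CET2.tmp\°нЅєЖ®ё¶АМЕ©.exe' -ORIGIN:"C:\"
  (Примечание: имя «°нЅєЖ®ё¶АМЕ©.exe» здесь и далее — по-видимому, байты корейской кодировки EUC-KR/CP949, показанные в кодовой странице CP1251; в исходной кодировке они читаются как «고스트마이크.exe». На системе с другой кодовой страницей то же имя будет выглядеть иначе, поэтому поиск по буквальной строке ненадёжен — сопоставлять следует по совокупности индикаторов: ключ автозапуска, C:\Server.exe, сетевой адрес.)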
- '%TEMP%\cetrainers\CET2.tmp\extracted\°нЅєЖ®ё¶АМЕ©.exe' "%TEMP%\cetrainers\CET2.tmp\extracted\CET_TRAINER.CETRAINER" "-ORIGIN:C:\"
- 'C:\Server.exe'
- 'C:\°нЅєЖ®ё¶АМЕ©.exe'
- %TEMP%\cetrainers\CET2.tmp\extracted\defines.lua
- %TEMP%\cetrainers\CET2.tmp\extracted\CET_TRAINER.CETRAINER
- %TEMP%\cetrainers\CET2.tmp\extracted\°нЅєЖ®ё¶АМЕ©.exe
- %TEMP%\cetrainers\CET2.tmp\extracted\win32\dbghelp.dll
- %TEMP%\cetrainers\CET2.tmp\extracted\lua5.1-32.dll
- C:\°нЅєЖ®ё¶АМЕ©.exe
- C:\Server.exe
- %WINDIR%\XXXXXX7F24A659.exe
- %TEMP%\cetrainers\CET2.tmp\°нЅєЖ®ё¶АМЕ©.exe
- %TEMP%\cetrainers\CET2.tmp\CET_Archive.dat
- %TEMP%\cetrainers\CET2.tmp\extracted\CET_TRAINER.CETRAINER
- 'kd####715.codns.com':80
- DNS ASK kd####715.codns.com
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
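- ClassName: '(null)' WindowName: '??????????????'
  (Примечание: знаки «?» — вероятно, результат потери символов при преобразовании кодировки; исходный заголовок окна по этой записи не восстанавливается.)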