Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\services\Nwsapagent] 'Start' = '00000002'
- '<SYSTEM32>\wermgr.exe' "-queuereporting_svc" "C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_svchost.exe_Nwsa_71b23bfa120d4ab39765679f33c3098b44fb5b_cab_09ff93c6"
- '<SYSTEM32>\svchost.exe' -k netsvcs
- <SYSTEM32>\spxroute.tmp
- <SYSTEM32>\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\prx[1].sec
- %TEMP%\install.tmp
- %TEMP%\release.tmp
- <SYSTEM32>\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\prx[1].sec
- C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_svchost.exe_Nwsa_71b23bfa120d4ab39765679f33c3098b44fb5b_cab_09ff93c6\Report.wer.tmp в C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_svchost.exe_Nwsa_71b23bfa120d4ab39765679f33c3098b44fb5b_cab_09ff93c6\Report.wer
- %TEMP%\release.tmp в <SYSTEM32>\Nwsapagentex.dll
- %TEMP%\install.tmp в <SYSTEM32>\install.tmp
- '19#.#00.113.27':80
- 19#.#00.113.27/httpdocs/prx.sec
- 19#.#00.113.27/cgi-bin/vip.cgi