Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\aspnet_statessia] 'Start' = '00000002'
- '<SYSTEM32>\svchosv.exe'
- '<SYSTEM32>\svchosv1.exe'
- <SYSTEM32>\svchosv1.exe
- <SYSTEM32>\svchosv.exe
- C:\yyy123
- %APPDATA%\Microsoft\Crypto\RSA\S-1-5-21-2052111302-484763869-725345543-1003\549b9b645cadfe6bb4bc69cf363c354c_23ef5514-3059-436f-a4a7-4cefaab20eb1
- %APPDATA%\Microsoft\Crypto\RSA\S-1-5-21-2052111302-484763869-725345543-1003\c0528c2346cb928a9052304ef3ab8fd4_23ef5514-3059-436f-a4a7-4cefaab20eb1
- C:\yyy123
- %APPDATA%\Microsoft\Crypto\RSA\S-1-5-21-2052111302-484763869-725345543-1003\549b9b645cadfe6bb4bc69cf363c354c_23ef5514-3059-436f-a4a7-4cefaab20eb1
- 'qi###.f3322.org':1000
- DNS ASK qi###.f3322.org
- ClassName: 'Shell_TrayWnd' WindowName: ''