Техническая информация
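Изменения в реестре (значение в ключе Run запускает crypt.exe при входе пользователя в систему; 'Start' = 2 задаёт автоматический запуск службы Dhcp):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Fraz' = '%PROGRAM_FILES%\Kasvk\Fraz\crypt.exe'
- [<HKLM>\SYSTEM\ControlSet001\services\Dhcp] 'Start' = '00000002'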
Запуск процессов (crypt.exe и два VBS-сценария через WScript.exe):
- '%PROGRAM_FILES%\Kasvk\Fraz\crypt.exe'
- '<SYSTEM32>\WScript.exe' "%PROGRAM_FILES%\Kasvk\Fraz\dns_bablo.vbs"
- '<SYSTEM32>\WScript.exe' "%PROGRAM_FILES%\Kasvk\Fraz\neznoesvidanie.vbs"
Затрагиваемые файлы и пути:
- %PROGRAM_FILES%\Kasvk\Fraz\Uninstall.ini
- %PROGRAM_FILES%\Kasvk\Fraz\Uninstall.exe
- %PROGRAM_FILES%\Kasvk\Fraz\dns_bablo.vbs
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\YIF7DGLM\352[1]
- \Device\Mup\BVNSEUHJ*\MAILSLOT\NET\NETLOGON
- %PROGRAM_FILES%\Kasvk\Fraz\bat2.bat
- %PROGRAM_FILES%\Kasvk\Fraz\crypt.exe
- %PROGRAM_FILES%\Kasvk\Fraz\neznoesvidanie.vbs
- %TEMP%\$inst\temp_0.tmp
- %TEMP%\$inst\2.tmp
- %PROGRAM_FILES%\Kasvk\Fraz\1.txt
- %PROGRAM_FILES%\Kasvk\Fraz\2.txt
- %PROGRAM_FILES%\Kasvk\Fraz\prostoigra.bat
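Повторно перечисленные временные файлы (вероятно, отдельный список, заголовок которого в этом фрагменте утрачен):
- %TEMP%\$inst\2.tmp
- %TEMP%\$inst\temp_0.tmp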
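Сетевая активность (символы «#» — по-видимому, намеренно скрытые части адресов и имён; в таком виде записи нельзя использовать как точные индикаторы):
- '19#.#75.125.195':80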
- 19#.#75.125.195/nupogodis/volch/352/?mw#####
- DNS ASK se#######.googletestadminwin.com
- DNS ASK dn#.##ftncsi.com
- DNS ASK se######.googletestadminwin.com
Окна (Shell_TrayWnd — класс окна панели задач Windows):
- ClassName: 'Shell_TrayWnd' WindowName: ''