Техническая информация
Записи автозапуска в реестре (Active Setup и ключи Run); все три указывают на исполняемые файлы в пользовательских каталогах %TEMP% и %APPDATA%:
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{11RHR281-4VR8-E847-JB3E-F1FV2C7LKJG0}] 'StubPath' = '"%TEMP%\Svchost.exe"'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'NetWire' = '%TEMP%\Svchost.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Project1' = '%APPDATA%\zfkkgd\Project1.exe'
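Запускаемые процессы (по-видимому, путь и аргументы командной строки; заголовок группы в тексте не сохранился):
- '%TEMP%\Svchost.exe'
- '%TEMP%\RarSFX0\lxSFUH.exe' "ZfKkGd"
- '<SYSTEM32>\wbem\wmiadap.exe' /R /T (штатный компонент Windows; сам по себе его запуск не является индикатором компрометации)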
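Изменения в файловой системе (заголовки подгрупп в тексте не сохранились; повторы путей ниже, по-видимому, означают разные операции над одними и теми же файлами — какие именно, по этому списку установить нельзя):
- %APPDATA%\zfkkgd\NNcpra.txt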
- %APPDATA%\zfkkgd\ZfKkGd
- %TEMP%\Svchost.exe
- %APPDATA%\zfkkgd\lxSFUH.exe
- %APPDATA%\zfkkgd\1.txt
- %APPDATA%\zfkkgd\2.txt
- %APPDATA%\zfkkgd\skype.exe
- %APPDATA%\zfkkgd\Project1.exe
- %TEMP%\RarSFX0\lxSFUH.exe
- %TEMP%\RarSFX0\auuVdw.exe
- %TEMP%\RarSFX0\ZfKkGd
- %TEMP%\RarSFX0\NNcpra.txt
- %TEMP%\auuVdw.exe
- %TEMP%\ZfKkGd
- %TEMP%\NNcpra.txt
- %TEMP%\lxSFUH.exe
- %TEMP%\RarSFX0\ZfKkGd
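- <SYSTEM32>\wbem\Performance\WmiApRpl.ini (системный файл Windows; вероятно, затронут штатной утилитой wmiadap.exe, для поиска угрозы малоинформативен)
- <SYSTEM32>\PerfStringBackup.TMP (системный файл Windows; вероятно, затронут штатной утилитой wmiadap.exe, для поиска угрозы малоинформативен)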
- %TEMP%\RarSFX0\auuVdw.exe
- %TEMP%\RarSFX0\lxSFUH.exe
- %TEMP%\RarSFX0\NNcpra.txt
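Сетевая активность (имя узла частично скрыто символами «#»; для сопоставления с журналами пригодны только видимая часть имени и порт 1506):
- 'he######iboi.redirectme.net':1506
- DNS ASK he######iboi.redirectme.net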
Окна (класс и заголовок):
- ClassName: 'Indicator' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''