Техническая информация
Изменения в реестре (все три значения обеспечивают автозапуск при входе пользователя в систему):
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{1G88873D-7UJ6-HPY5-2LRJ-NVCK78132GPI}] 'StubPath' = '"%TEMP%\Svchost.exe"'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'NetWire' = '%TEMP%\Svchost.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Project1' = '%APPDATA%\vlsaho\Project1.exe'
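Запускаемые процессы (судя по формату записи: путь и аргументы командной строки):
- '%TEMP%\Svchost.exe'
- '%TEMP%\RarSFX0\idAuVr.exe' "vLSaHO"
- '<SYSTEM32>\wbem\wmiadap.exe' /R /T
Примечание: wmiadap.exe — штатный компонент Windows, его запуск сам по себе индикатором не является. Файл Svchost.exe в %TEMP% лишь повторяет имя системного процесса, который штатно находится в <SYSTEM32>.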
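Файловая активность (подзаголовки исходного отчёта здесь утрачены; повторяющиеся ниже пути, по-видимому, относятся к разным операциям — например, созданию и удалению файлов):
- %APPDATA%\vlsaho\jsKGsL.txt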
- %APPDATA%\vlsaho\vLSaHO
- %TEMP%\Svchost.exe
- %APPDATA%\vlsaho\idAuVr.exe
- %APPDATA%\vlsaho\1.txt
- %APPDATA%\vlsaho\2.txt
- %APPDATA%\vlsaho\skype.exe
- %APPDATA%\vlsaho\Project1.exe
- %TEMP%\RarSFX0\idAuVr.exe
- %TEMP%\RarSFX0\Xacleh.exe
- %TEMP%\RarSFX0\vLSaHO
- %TEMP%\RarSFX0\jsKGsL.txt
- %TEMP%\Xacleh.exe
- %TEMP%\vLSaHO
- %TEMP%\jsKGsL.txt
- %TEMP%\idAuVr.exe
- %TEMP%\RarSFX0\Xacleh.exe
- <SYSTEM32>\wbem\Performance\WmiApRpl.ini
- <SYSTEM32>\PerfStringBackup.TMP
- %TEMP%\RarSFX0\idAuVr.exe
- %TEMP%\RarSFX0\jsKGsL.txt
- %TEMP%\RarSFX0\vLSaHO
Сетевая активность (имя узла в отчёте частично скрыто символами #):
- 'st######nts.servehttp.com':1705
- DNS ASK st######nts.servehttp.com
Окна (класс и заголовок), которые, вероятно, разыскивает программа:
- ClassName: 'Indicator' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''