Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{4IYW2EET-HY4V-N5D4-84NE-G76O43T6NNXS}] 'StubPath' = '"%TEMP%\Svchost.exe"'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'default' = '%TEMP%\Svchost.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Project1' = '%APPDATA%\sjjgio\Project1.exe'
- '%TEMP%\Svchost.exe'
- '%TEMP%\RarSFX0\eCqaWr.exe' "SjJGIO"
- %APPDATA%\sjjgio\SjJGIO
- %APPDATA%\sjjgio\skype.exe
- %APPDATA%\sjjgio\eCqaWr.exe
- %APPDATA%\sjjgio\GRBltL.txt
- %APPDATA%\sjjgio\2.txt
- %TEMP%\.Identifier
- %APPDATA%\sjjgio\Project1.exe
- %APPDATA%\sjjgio\1.txt
- %TEMP%\Svchost.exe
- %TEMP%\RarSFX0\eCqaWr.exe
- %TEMP%\RarSFX0\TyTRfh.exe
- %TEMP%\RarSFX0\SjJGIO
- %TEMP%\RarSFX0\GRBltL.txt
- %TEMP%\TyTRfh.exe
- %TEMP%\SjJGIO
- %TEMP%\GRBltL.txt
- %TEMP%\eCqaWr.exe
- %TEMP%\RarSFX0\SjJGIO
- %TEMP%\RarSFX0\TyTRfh.exe
- %TEMP%\RarSFX0\eCqaWr.exe
- %TEMP%\RarSFX0\GRBltL.txt
- 'sm########s2700.is-certified.com':2700
- DNS ASK sm########s2700.is-certified.com
- ClassName: 'Indicator' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''