Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{1G88873D-7UJ6-HPY5-2LRJ-NVCK78132GPI}] 'StubPath' = '"%TEMP%\Svchost.exe"'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'NetWire' = '%TEMP%\Svchost.exe'
- '%TEMP%\Svchost.exe'
- '%TEMP%\RarSFX0\mlJcuu.exe' "ATbIgr"
- %TEMP%\BIlTEL.exe
- %TEMP%\mlJcuu.exe
- %TEMP%\Svchost.exe
- %TEMP%\ATbIgr
- %TEMP%\nBTnSo.txt
- %TEMP%\RarSFX0\nBTnSo.txt
- %TEMP%\RarSFX0\ATbIgr
- %TEMP%\RarSFX0\BIlTEL.exe
- %TEMP%\RarSFX0\mlJcuu.exe
- %TEMP%\RarSFX0\mlJcuu.exe
- %TEMP%\RarSFX0\nBTnSo.txt
- %TEMP%\RarSFX0\ATbIgr
- %TEMP%\RarSFX0\BIlTEL.exe
- 'st######nts.servehttp.com':1705
- DNS ASK st######nts.servehttp.com
- ClassName: 'Indicator' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''