Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{1G88873D-7UJ6-HPY5-2LRJ-NVCK78132GPI}] 'StubPath' = '"%TEMP%\Svchost.exe"'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'NetWire' = '%TEMP%\Svchost.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Project1' = '%APPDATA%\djauir\Project1.exe'
- '%TEMP%\Svchost.exe'
- '%TEMP%\RarSFX0\pbhPWV.exe' "dJAuIr"
- %APPDATA%\djauir\RqSAto.txt
- %APPDATA%\djauir\dJAuIr
- %TEMP%\Svchost.exe
- %APPDATA%\djauir\pbhPWV.exe
- %APPDATA%\djauir\1.txt
- %APPDATA%\djauir\2.txt
- %APPDATA%\djauir\skype.exe
- %APPDATA%\djauir\Project1.exe
- %TEMP%\RarSFX0\pbhPWV.exe
- %TEMP%\RarSFX0\eYKffL.exe
- %TEMP%\RarSFX0\dJAuIr
- %TEMP%\RarSFX0\RqSAto.txt
- %TEMP%\eYKffL.exe
- %TEMP%\dJAuIr
- %TEMP%\RqSAto.txt
- %TEMP%\pbhPWV.exe
- %TEMP%\RarSFX0\pbhPWV.exe
- %TEMP%\RarSFX0\RqSAto.txt
- %TEMP%\RarSFX0\dJAuIr
- %TEMP%\RarSFX0\eYKffL.exe
- 'st######nts.servehttp.com':1705
- DNS ASK st######nts.servehttp.com
- ClassName: 'Indicator' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''