Technical information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '8130192a' = '%APPDATA%\Roaming\8130192a.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] '*130192a' = '%APPDATA%\Roaming\8130192a.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '8130192' = 'C:\8130192a\8130192a.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] '*130192' = 'C:\8130192a\8130192a.exe'
- System Restore component (SR)
- '<SYSTEM32>\bcdedit.exe' /set {default} bootstatuspolicy ignoreallfailures
- '<SYSTEM32>\vssvc.exe'
- '<SYSTEM32>\svchost.exe' -k swprv
- '<SYSTEM32>\bcdedit.exe' /set {default} recoveryenabled No
- '%WINDIR%\explorer.exe'
- '<SYSTEM32>\svchost.exe' netsvcs
- '<SYSTEM32>\vssadmin.exe' Delete Shadows /All /Quiet
- <SYSTEM32>\svchost.exe
- %WINDIR%\explorer.exe
- %APPDATA%\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\8130192a.exe
- %APPDATA%\Roaming\8130192a.exe
- C:\8130192a\8130192a.exe
- DNS ASK cu###yip.com
- DNS ASK ha####ldphotos.com
- DNS ASK ge###you.com
- DNS ASK ip##ddr.es
- DNS ASK dn#.##ftncsi.com
- DNS ASK my####rnalip.com
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'Indicator' WindowName: ''