Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'BackUp2091017245' = '%APPDATA%\Roaming\BackUp2091017245.exe'
- iexplore.exe
- <LS_APPDATA>\Microsoft\Internet Explorer\Recovery\High\Active\{5D3034FE-1C1E-11E5-AF71-FB3F5A4FDCF3}.dat
- %TEMP%\~DFD543D6686842C818.TMP
- <LS_APPDATA>\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{5D3034FC-1C1E-11E5-AF71-FB3F5A4FDCF3}.dat
- %TEMP%\~DFAF6B1AB50C65FA5C.TMP
- %TEMP%\tmpE478.tmp
- %APPDATA%\Roaming\BackUp2091017245.exe
- %TEMP%\NTFS.sys
- %TEMP%\tmp7FFA.tmp
- %TEMP%\~DF9A6BB533E5EC4E2A.TMP
- <LS_APPDATA>\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{4A599111-1C1E-11E5-AF71-FB3F5A4FDCF3}.dat
- %TEMP%\tmp1F3.tmp
- <LS_APPDATA>\Microsoft\Internet Explorer\Recovery\High\Active\{4A599113-1C1E-11E5-AF71-FB3F5A4FDCF3}.dat
- %TEMP%\tmp6F47.tmp
- %TEMP%\L2091017245
- %TEMP%\~DF54544432F868BCD2.TMP
- DNS ASK go.###rosoft.com
- DNS ASK dn#.##ftncsi.com
- DNS ASK in####ntsign10.com
- ClassName: 'Indicator' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''