Техническая информация
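Изменения в реестре (закрепление в системе через автозапуск):
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Microsoft' = '' (значение параметра на странице пустое — возможно, утеряно при извлечении текста)
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] 'shell' = '%TEMP%\svchost\svchost.exe,explorer.exe' (параметр shell задаёт оболочку пользователя; здесь перед explorer.exe указан исполняемый файл из %TEMP%, поэтому он запускается при каждом входе пользователя в систему)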
- '%TEMP%\svchost\svchost.exe' 0x5f0 svchost.exe
- '%TEMP%\svchost\svchost.exe' 0xe20 svchost.exe
- '%TEMP%\svchost\svchost.exe'
- '%TEMP%\svchost\svchost.exe' /pid=0x570 /log
- '<SYSTEM32>\taskeng.exe' /pid=0x7b4 /log
- '<SYSTEM32>\conhost.exe'
- '<SYSTEM32>\WScript.exe' "%TEMP%\CXfK.vbs" 0
- <SYSTEM32>\conhost.exe
- <Служебный элемент>
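- %TEMP%\CXfK.vbs
- %TEMP%\svchost\svchost.exe (штатный svchost.exe находится в <SYSTEM32>; одноимённый файл в %TEMP% — признак маскировки под системный процесс, и при обнаружении стоит проверять полный путь к образу процесса, а не только его имя)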
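Сетевая активность (DNS-запросы; символы «#», по-видимому, заменяют часть имени, скрытую в источнике, поэтому для точного сопоставления индикаторов эти строки непригодны):
- DNS ASK dn#.##ftncsi.com
- DNS ASK fr####ck01.ddns.net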
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'Indicator' WindowName: ''