Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\bootvid1aaa] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы)
- '%TEMP%\OFFICE.exe'
- '<SYSTEM32>\rundll32.exe' "%CommonProgramFiles%\Microsoft Shared\MSInfo\bootvid1aaa.dll",ServiceBoot
- '<SYSTEM32>\wscript.exe' "%TEMP%\64bf_1a76.vbs" //B //Nologo
- %CommonProgramFiles%\Microsoft Shared\MSInfo\RCX2.tmp
- %CommonProgramFiles%\Microsoft Shared\MSInfo\bootvid1aaa.dll
- %TEMP%\64bf_1a76.vbs
- %CommonProgramFiles%\Microsoft Shared\MSInfo\bootvid1aaa.ini
- %TEMP%\RCX1.tmp
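- %TEMP%\ГКєщБч№« №Ч »у°ьґлїм.hwp (имя искажено при выводе: байты в кодировке EUC-KR/CP949 показаны как Windows-1251; вероятное исходное имя — «초빙직무 및 상관대우.hwp»)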
- %TEMP%\OFFICE.exe
- %TEMP%\6e8e_24e7.dll
- %ALLUSERSPROFILE%\DebugLog.log
- %TEMP%\OFFICE.exe
- %CommonProgramFiles%\Microsoft Shared\MSInfo\bootvid1aaa.ini
- %TEMP%\64bf_1a76.vbs
- %TEMP%\6e8e_24e7.dll
- %CommonProgramFiles%\Microsoft Shared\MSInfo\bootvid1aaa.dll
- %CommonProgramFiles%\Microsoft Shared\MSInfo\RCX2.tmp в %CommonProgramFiles%\Microsoft Shared\MSInfo\bootvid1aaa.dll
- %TEMP%\RCX1.tmp в %TEMP%\6e8e_24e7.dll
- 'by#####.kukunews.com':443
- DNS ASK by#####.kukunews.com
- ClassName: 'Shell_TrayWnd' WindowName: ''