Техническая информация
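- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '{EC61805F-5220-11DE-BAE6-806D6172696F}' = '%APPDATA%\Identities\{EC61805F-5220-11DE-BAE6-806D6172696F}\svghost.exe'
  (Примечание: запись в ключе Run ветки HKCU запускает указанный файл при каждом входе этого пользователя в систему; имя svghost.exe отличается от системного svchost.exe одной буквой, а путь находится в профиле пользователя, а не в <SYSTEM32>.)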
- %APPDATA%\Identities\{EC61805F-5220-11DE-BAE6-806D6172696F}\svghost.exe
- <SYSTEM32>\cmd.exe /c ""<Текущая директория>\r.bat" "
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\index[1].htm
- <Текущая директория>\r.bat
- %APPDATA%\Identities\{EC61805F-5220-11DE-BAE6-806D6172696F}\svghost.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\index[1].htm
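- 'se######-2374-microsoft.com':80
  (Примечание: в этих именах «microsoft.com» присоединено через дефис, а не через точку, то есть это отдельные домены второго уровня, а не поддомены microsoft.com; символы #, по-видимому, скрывают часть имени.)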
- 'se######-4809-microsoft.com':80
- 'se######0301-microsoft.com':80
- 'se######-3761-microsoft.com':80
- 'se######-9976-microsoft.com':80
- 'se######-3405-microsoft.com':80
- se######-2374-microsoft.com/index.php
- se######-4809-microsoft.com/index.php
- se######0301-microsoft.com/index.php
- se######-3761-microsoft.com/index.php
- se######-9976-microsoft.com/index.php
- se######-3405-microsoft.com/index.php
- DNS ASK se######-2374-microsoft.com
- DNS ASK se######-4809-microsoft.com
- DNS ASK se######0301-microsoft.com
- DNS ASK se######-3761-microsoft.com
- DNS ASK se######-9976-microsoft.com
- DNS ASK se######-3405-microsoft.com
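- ClassName: 'RegEdit_RegEdit' WindowName: ''
  (Примечание: RegEdit_RegEdit — класс главного окна редактора реестра Windows; по-видимому, образец ищет это окно, однако заголовок раздела на странице не сохранился.)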
- ClassName: 'Indicator' WindowName: ''