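Техническая информация
Ниже без подзаголовков перечислены: записи автозапуска в реестре (ключи Run в <HKCU> и <HKLM>), пути к исполняемым файлам (список приведён дважды), сетевой узел (порт 443) с DNS-запросом к нему, а также имя класса и заголовок окна. Часть имени узла заменена символами «#».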
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'sppsvcsw' = '%APPDATA%\Microsoft\sppsvcsw.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Svchost' = '%TEMP%\Win32\svchost.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '130516067932' = '%APPDATA%\130516067932\130516067932.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'DlPhBkTi' = '%APPDATA%\DlPhBkTi\DlPhBkTi.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Taskhost' = '%ALLUSERSPROFILE%\Application Data\Taskhost\Taskhost.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Taskhost' = '%ALLUSERSPROFILE%\Application Data\Taskhost\Taskhost.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Vhost' = '%ALLUSERSPROFILE%\Documents\Backup\Vhost.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Vhost' = '%ALLUSERSPROFILE%\Documents\Backup\Vhost.exe'
- %APPDATA%\Microsoft\sppsvcsw.exe
- %APPDATA%\DlPhBkTi\DlPhBkTi.exe
- %APPDATA%\130516067932\130516067932.exe
- %ALLUSERSPROFILE%\Application Data\Taskhost\Taskhost.exe
- %ALLUSERSPROFILE%\Documents\Backup\Vhost.exe
- %TEMP%\Win32\svchost.exe
- %APPDATA%\Microsoft\sppsvcsw.exe
- %APPDATA%\DlPhBkTi\DlPhBkTi.exe
- %APPDATA%\130516067932\130516067932.exe
- %ALLUSERSPROFILE%\Application Data\Taskhost\Taskhost.exe
- %ALLUSERSPROFILE%\Documents\Backup\Vhost.exe
- %TEMP%\Win32\svchost.exe
- 'dl.#####oxusercontent.com':443
- DNS ASK dl.#####oxusercontent.com
- ClassName: 'Indicator' WindowName: '(null)'