Техническая информация
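Записи автозапуска в реестре (ключи Run, программа запускается при входе пользователя в систему):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Svchost SAFE MODE' = '%APPDATA%\temp\Svchost(Safe Mode).exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Svchost SAFE MODE' = '%APPDATA%\temp\Svchost(Safe Mode).exe'
Имя параметра и имя файла имитируют системный процесс svchost.exe. Настоящий svchost.exe находится в %SystemRoot%\System32, поэтому одноимённый файл в %APPDATA%\temp следует считать подозрительным.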
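Пути к файлам (в этом фрагменте не указано, создаются эти файлы, изменяются или удаляются):
- <LS_APPDATA>\temp\Windows\S-1-5-21-931104322020-29957-1000\S-%d-%d-%d-%d%d%d-%d%d%d-%d%d%d-%d-%d-%d%-d%d-%d\%d-%d%-d%d-%d\Boot.com
- %TEMP%\1EF3D.dmp
- %TEMP%\dw.log
- <LS_APPDATA>\temp\Windows\S-1-5-21-931104322020-29957-1000\S-%d-%d-%d-%d%d%d-%d%d%d-%d%d%d-%d-%d-%d%-d%d-%d\%d-%d%-d%d-%d\Boot.com
Примечание: последовательности %d в пути к Boot.com, по-видимому, являются незаполненными спецификаторами формата, а не реальными именами каталогов. При поиске на диске эти части пути нужно сопоставлять по шаблону, а не буквально. Путь приведён дважды, вероятно, потому что он относился к разным подразделам исходного отчёта, заголовки которых не сохранились.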
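Окна, указанные в отчёте (какое действие выполняется с ними, в этом фрагменте не указано):
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'Indicator' WindowName: ''
Shell_TrayWnd — класс окна панели задач Windows.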