Техническая информация
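- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '3866d7d892' = '%APPDATA%\3866d7d892\3866d7d892.exe' (параметр в ключе Run: указанный файл запускается при каждом входе текущего пользователя в систему)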
- Компонент восстановления системы (SR)
- '<SYSTEM32>\vssadmin.exe' Delete Shadows /All /Quiet (команда удаляет все теневые копии томов без запроса подтверждения)
- '<SYSTEM32>\svchost.exe' netsvcs
- '%WINDIR%\explorer.exe'
- <SYSTEM32>\svchost.exe
- %WINDIR%\explorer.exe
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP14\RestorePointSize
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP14\rp.log
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\RestorePointSize
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\rp.log
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP13\RestorePointSize
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP12\rp.log
- %APPDATA%\3866d7d892\3866d7d892.exe
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP13\rp.log
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP12\RestorePointSize
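- 'ni####viscardi.com':80 (здесь и ниже часть символов в именах узлов скрыта символами «#», поэтому точное сопоставление с журналами DNS и прокси по этим строкам невозможно)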
- 'hi###niatv.tv':80
- 'wa###rmela.com':80
- 'sh###wdent.ro':80
- 'ho###ss.com.br':80
- 'ce###rgaz.pl':80
- DNS ASK ni####viscardi.com
- DNS ASK hi###niatv.tv
- DNS ASK wa###rmela.com
- DNS ASK sh###wdent.ro
- DNS ASK ho###ss.com.br
- DNS ASK ce###rgaz.pl
- ClassName: 'Indicator' WindowName: ''