Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'fa6b314' = '%APPDATA%\fa6b314\dfc75.exe' (параметр в разделе Run: указанный файл запускается при каждом входе этого пользователя в систему)
- Компонент восстановления системы (SR)
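- '<SYSTEM32>\vssadmin.exe' Delete Shadows /All /Quiet (удаляет все теневые копии томов без запроса подтверждения; запуск vssadmin с такими параметрами — удобный признак для обнаружения)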
- '<SYSTEM32>\svchost.exe' netsvcs
- '%WINDIR%\explorer.exe'
- <SYSTEM32>\svchost.exe
- %WINDIR%\explorer.exe
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP14\RestorePointSize
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP14\rp.log
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\RestorePointSize
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\rp.log
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP13\RestorePointSize
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP12\rp.log
- %APPDATA%\fa6b314\dfc75.exe
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP13\rp.log
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP12\RestorePointSize
- 'em###nde21.es':80 (здесь и ниже символы # заменяют скрытую в отчёте часть доменного имени; 80 — порт назначения)
- 'mo#####yclassifieds.com':80
- 'gr###larias.org':80
- 'en######usweis-solingen.de':80
- 'go#####echarlies.biz':80
- 'my###b.in.ua':80
- DNS ASK em###nde21.es
- DNS ASK mo#####yclassifieds.com
- DNS ASK gr###larias.org
- DNS ASK en######usweis-solingen.de
- DNS ASK go#####echarlies.biz
- DNS ASK my###b.in.ua
- ClassName: 'Indicator' WindowName: ''