Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\COMSysApp] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\SENS] 'Start' = '00000002'
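- [<HKLM>\SYSTEM\ControlSet001\Services\SENS\Parameters] 'ServiceDll' = '%ALLUSERSPROFILE%\Application Data\whorloqui.dat' (параметр ServiceDll штатной службы SENS здесь указывает на файл вне <SYSTEM32>; вместе со значением 'Start' = '00000002', то есть автоматическим запуском, это означает загрузку данного файла при старте службы — при проверке системы стоит сравнить ServiceDll с эталонным значением)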
- '<SYSTEM32>\net1.exe' start SENS
- '<SYSTEM32>\net.exe' start SENS
- '<SYSTEM32>\cmd.exe' /c net start Themes
- '<SYSTEM32>\net1.exe' start Themes
- '<SYSTEM32>\net.exe' start Themes
- '<SYSTEM32>\cmd.exe' /c net start SENS
- '<SYSTEM32>\net.exe' start COMSysApp
- '<SYSTEM32>\cmd.exe' /c net start COMSysApp
- '<SYSTEM32>\net1.exe' start COMSysApp
- '<SYSTEM32>\svchost.exe' -k netsvcs
- '<SYSTEM32>\dllhost.exe' /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
- <SYSTEM32>\svchost.exe
- %TEMP%\12321312020.tmp
- %WINDIR%\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{A4D7DD94-461B-4211-8D45-A6C83B02F162}.crmlog
- %ALLUSERSPROFILE%\Application Data\whorloqui.dat
- %ALLUSERSPROFILE%\Documents\iuqolrohw.dat
- %ALLUSERSPROFILE%\Documents\iuqolrohw.dat
- %ALLUSERSPROFILE%\Application Data\whorloqui.dat
- %TEMP%\12321312020.tmp
- %WINDIR%\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{BF4C4D5C-6924-41E8-9BF1-DCC37DF6F31D}.crmlog