Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\ClipSrv] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\ClipSrv] 'ImagePath' = '"%ALLUSERSPROFILE%\WordPad\{8DC7DC7B-567D-1BF6-835E-DEB4EFD427DB}\cftmon.exe" -service'
- [<HKLM>\SYSTEM\ControlSet001\Services\aspnet_state] 'ImagePath' = '%WINDIR%\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\aspnet_state] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\aspnet_state] 'ImagePath' = '"%ALLUSERSPROFILE%\WordPad\{8DC7DC7B-567D-1BF6-835E-DEB4EFD427DB}\cftmon.exe" -service'
- '%ALLUSERSPROFILE%\WordPad\{8DC7DC7B-567D-1BF6-835E-DEB4EFD427DB}\cftmon.exe' -service
- C:\1.txt
- %ALLUSERSPROFILE%\WordPad\{8DC7DC7B-567D-1BF6-835E-DEB4EFD427DB}\cftmon.exe
- 'ch#####legs.mooo.com':443
- DNS ASK ch#####legs.mooo.com