Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RUNONCE] '*svchost' = '<SYSTEM32>\svchost.exe'
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{7BEC631D-6BD2-6CC3-6EC6-0CAD0BCE2AAC}] 'StubPath' = '<SYSTEM32>\svchost.exe 2'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] '*svchost' = '<SYSTEM32>\svchost.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'svchost' = '<SYSTEM32>\svchost.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'svchost' = '<SYSTEM32>\svchost.exe'
- %TEMP%\uncrypted.exe
- <SYSTEM32>\svchost.exe
- %WINDIR%\Explorer.EXE
- [<HKLM>\SOFTWARE\MICROSOFT\MSNMessenger]
- %TEMP%\uncrypted.exe
- %TEMP%\crypt
- %TEMP%\aut1.tmp
- %TEMP%\aut1.tmp
- ClassName: 'Indicator' WindowName: ''