Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Windows Update' = '<LS_APPDATA>\Microsoft\svchost.exe'
- '<LS_APPDATA>\Microsoft\svchost.exe'
- '%TEMP%\is-1BV57.tmp\abcww.tmp' /SL5="$200F6,834612,145920,%TEMP%\abcww.exe"
- '%TEMP%\abcww.exe'
- '%TEMP%\is-GACUA.tmp\abcww.tmp' /SL5="$400E0,834612,145920,%TEMP%\abcww.exe"
- <LS_APPDATA>\Microsoft\svchost.exe
- %TEMP%\res.ico2
- %TEMP%\aut3.tmp
- %TEMP%\aut4.tmp
- %TEMP%\is-1BV57.tmp\abcww.tmp
- %TEMP%\abcww.exe
- %TEMP%\aut1.tmp
- %TEMP%\is-GACUA.tmp\abcww.tmp
- %TEMP%\res.ico
- %TEMP%\aut2.tmp
- <LS_APPDATA>\Microsoft\svchost.exe
- %TEMP%\aut4.tmp
- %TEMP%\res.ico2
- %TEMP%\aut3.tmp
- %TEMP%\aut1.tmp
- %TEMP%\aut2.tmp
- '2f####o.no-ip.biz':3074
- DNS ASK 2f####o.no-ip.biz
- ClassName: 'Indicator' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'