Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] '48e3q6n64bhz' = '%HOMEPATH%\48e3q6n64bhz\xirz.vbs'
- '%HOMEPATH%\48e3q6n64bhz\brosik.exe' LbiSn.ZIA
- '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe'
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
- %HOMEPATH%\48e3q6n64bhz\xirz.vbs
- %HOMEPATH%\48e3q6n64bhz\cvnjskswx.cmd
- %APPDATA%\pidloc.txt
- %APPDATA%\pid.txt
- %HOMEPATH%\48e3q6n64bhz\brosik.exe
- %HOMEPATH%\48e3q6n64bhz\DGrTNhbLT.MEJ
- %HOMEPATH%\48e3q6n64bhz\QdKXH.PIS
- %HOMEPATH%\48e3q6n64bhz\LbiSn.ZIA
- %HOMEPATH%\48e3q6n64bhz\QdKXH.PIS
- %HOMEPATH%\48e3q6n64bhz\xirz.vbs
- %HOMEPATH%\48e3q6n64bhz\cvnjskswx.cmd
- %HOMEPATH%\48e3q6n64bhz\DGrTNhbLT.MEJ
- %HOMEPATH%\48e3q6n64bhz\brosik.exe
- %HOMEPATH%\48e3q6n64bhz\LbiSn.ZIA
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'EDIT' WindowName: '(null)'