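Техническая информация
(Заголовки подразделов исходного отчёта на этой странице не сохранились; повторы одних и тех же путей ниже, по-видимому, относятся к разным подразделам.)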
Изменения в реестре (все три значения — точки автоматической подгрузки DLL; по ним можно проверять систему на наличие закрепления):
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] 'AppInit_DLLs' = 'ar12B709dll.dll'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] '118015' = '{5A041F13-A111-12B7-B0CF-F99818AA68A5}'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] '{5A041F13-A111-12B7-B0CF-F99818AA68A5}' = 'ar12B709dll.dll'
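Запуск на исполнение (по-видимому: две последние строки — командные строки cmd.exe, выполняющие пакетные файлы из %TEMP%):
- C:\3.exe
- C:\MiNi.exe
- <SYSTEM32>\cmd.exe /c %TEMP%\~AR118046.bat
- <SYSTEM32>\cmd.exe /c %TEMP%\~AR117515.bat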
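Имена процессов (назначение списка на странице не указано — поиск, завершение или внедрение кода; уточнить по исходному отчёту):
- dnf.exe
- 360tray.exe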
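Поиск окон (классы RegMonClass и FileMonClass принадлежат утилитам мониторинга Regmon и Filemon из набора Sysinternals — вероятно, проверка на наличие средств анализа):
- ClassName: 'RegMonClass' WindowName: ''
- ClassName: 'FileMonClass' WindowName: ''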
- <SYSTEM32>\ar12B709exe.gho
- <SYSTEM32>\ar12B709dll.dll
- %TEMP%\~AR118046.bat
- C:\3.exe
- C:\MiNi.exe
- %TEMP%\~AR117515.bat
- %TEMP%\2BFAA2B2.TMP
- <SYSTEM32>\ar12B709dll.dll
- <SYSTEM32>\ar12B709exe.gho
- C:\MiNi.exe
- C:\3.exe
- C:\3.exe
- ClassName: 'Shell_TrayWnd' WindowName: ''