Техническая информация
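Запись автозапуска в реестре (ветка Run текущего пользователя; исполняемый файл лежит в профиле пользователя):
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'SystemHost' = '%APPDATA%\winlogon32.exe'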
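Пути к файлам (подзаголовки исходного описания не сохранились; повторы одного и того же пути, по-видимому, относятся к разным операциям с файлом):
- '%APPDATA%\taskhost32.exe'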
- '%TEMP%\Dark Bot 1.0 by GameOverMan.exe'
- '%APPDATA%\winlogon32.exe'
- %TEMP%\aut8.tmp
- %TEMP%\ELA.bmp
- %TEMP%\SBU.bmp
- %TEMP%\BRB.bmp
- %TEMP%\aut7.tmp
- %TEMP%\aut9.tmp
- %APPDATA%\%USERNAME%.0FABFBFF000206D7.ini
- %TEMP%\black.bmp
- %TEMP%\ECI.bmp
- %TEMP%\autA.tmp
- %TEMP%\aut6.tmp
- %TEMP%\taskhost32.exe
- %TEMP%\aut3.tmp
- %TEMP%\aut2.tmp
- %TEMP%\aut1.tmp
- %TEMP%\Dark Bot 1.0 by GameOverMan.exe
- %TEMP%\winlogon32.exe
- %TEMP%\aut5.tmp
- %TEMP%\RPM.bmp
- %TEMP%\aut4.tmp
- %APPDATA%\taskhost32.exe
- %APPDATA%\winlogon32.exe
- %APPDATA%\winlogon32.exe
- %APPDATA%\taskhost32.exe
- %TEMP%\aut7.tmp
- %TEMP%\aut6.tmp
- %TEMP%\aut5.tmp
- %TEMP%\autA.tmp
- %TEMP%\aut9.tmp
- %TEMP%\aut8.tmp
- %TEMP%\aut3.tmp
- %TEMP%\aut2.tmp
- %TEMP%\aut1.tmp
- %TEMP%\aut4.tmp
- %TEMP%\winlogon32.exe
- %TEMP%\taskhost32.exe
Сетевые индикаторы (символы ### в имени домена — маска, часть имени скрыта):
- 'www.wa###men.cba.pl':80
- www.wa###men.cba.pl/clients/All.txt
- www.wa###men.cba.pl/clients/URNXYMAV.0FABFBFF000206D7.txt
- www.wa###men.cba.pl/index.php
- DNS ASK www.wa###men.cba.pl
Классы окон:
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'Indicator' WindowName: '(null)'