Техническая информация
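- Ключ автозапуска текущего пользователя (значение выполняется при каждом входе этого пользователя в систему): [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Win-Help' = '%WINDIR%\winhlp.exe'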
- %WINDIR%\win32spool.exe
- %WINDIR%\winhlp.exe
- <SYSTEM32>\cmd.exe /c """%TEMP%\RarSFX0\bat.bat"" "
- %WINDIR%\winhlp.exe
- %TEMP%\RarSFX0\Flood-Public-Version.exe
- %WINDIR%\win.bat
- %WINDIR%\win32spool.exe
- %WINDIR%\MSWINSCK.OCX
- %TEMP%\RarSFX0\win.bat
- %TEMP%\RarSFX0\MSWINSCK.OCX
- %TEMP%\RarSFX0\win32spool.exe
- %TEMP%\RarSFX0\bat.bat
- %TEMP%\RarSFX0\winhlp.exe
- %TEMP%\RarSFX0\Flood-Public-Version.exe
- %TEMP%\RarSFX0\bat.bat
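- Сетевой адрес (узел:порт): 'bi###.mooo.com':12994
- DNS-запрос (DNS ASK): bi###.mooo.com
- Примечание: символы ### в имени узла, по-видимому, скрывают часть домена, поэтому эту строку следует сопоставлять по шаблону, а не как точный индикатор.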
- ClassName: 'Indicator' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''