Техническая информация
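Записи автозапуска (ключ реестра Run и папка автозагрузки):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Explor' = '%CommonProgramFiles%\Tencent\services.exe'
- %ALLUSERSPROFILE%\Start Menu\Programs\Startup\winlogon.exe
(Примечание к двум записям выше: имена services.exe и winlogon.exe совпадают с именами системных процессов Windows, однако указанные пути находятся вне <SYSTEM32>; при проверке следует сверять полный путь к файлу, а не только его имя.)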
- %CommonProgramFiles%\Tencent\tuziboyAuTo.dll
- %CommonProgramFiles%\Tencent\services.exe
- <SYSTEM32>\reg.exe ADD "HKLM\Software\Microsoft\Windows\CurrentVersion\Run" /v Explor /t REG_SZ /d "%CommonProgramFiles%\Tencent\services.exe"
- <SYSTEM32>\cmd.exe /c mybat.bat
- %CommonProgramFiles%\Tencent\tuziboyAuTo.dll
- <Текущая директория>\mybat.bat
- %CommonProgramFiles%\Tencent\tuziboyAuTo.ocx
- %CommonProgramFiles%\Tencent\tuziboyDw.ocx
- %CommonProgramFiles%\Tencent\services.exe
- %CommonProgramFiles%\Tencent\tuziboyAuTo.dll
- %CommonProgramFiles%\Tencent\services.exe
- %CommonProgramFiles%\Tencent\tuziboyAuTo.ocx
- %CommonProgramFiles%\Tencent\tuziboyDw.ocx
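Сетевые соединения (хост:порт):
- 'bk##.#avamg002.info':969
- 'tm#.##673tg.info':583
- 'tq#.##673tr.info':583
- 'tt##.ma3tg.info':583
- 'ba###.#amamg002.info':969
- 'ba###.#m7mmg002.info':969
(Примечание: символы «#» в именах хостов, по-видимому, заменяют скрытые символы, поэтому эти строки подходят для поиска по шаблону, но не для точного сопоставления.)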
DNS-запросы:
- DNS ASK bk##.#avamg002.info
- DNS ASK tm#.##673tg.info
- DNS ASK tq#.##673tr.info
- DNS ASK tt##.ma3tg.info
- DNS ASK ba###.#amamg002.info
- DNS ASK ba###.#m7mmg002.info