Техническая информация
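- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '<SYSTEM32>\winlogon.exe' = '<SYSTEM32>\winlogon.exe:*:enabled:@shell32.dll,-1' — исключение брандмауэра Windows (стандартный профиль) для winlogon.exe: область «*» (любые адреса), состояние enabled.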
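- <SYSTEM32>\ftp.exe -i -s:""%TEMP%\MMBPlayer\Upload.txt""
- <SYSTEM32>\cmd.exe /c """%TEMP%\MMBPlayer\DELA.cmd"" "
- <SYSTEM32>\ftp.exe -i -s:""%TEMP%\MMBPlayer\Display.txt""
- <SYSTEM32>\cmd.exe /c """%TEMP%\MMBPlayer\Upload.cmd"" "
  (Ключ -s: заставляет ftp.exe выполнять команды из указанного файла-сценария, ключ -i отключает интерактивные подтверждения при передаче нескольких файлов. Запуск ftp.exe и cmd.exe со сценариями из %TEMP% — характерный признак, по которому такую активность можно обнаружить в журналах создания процессов.)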
- <SYSTEM32>\winlogon.exe
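- [<HKCU>\Software\Yahoo\Pager]
- [<HKCU>\Software\Microsoft\IdentityCRL]
- [<HKCU>\Software\Microsoft\MessengerService]
- [<HKCU>\Software\Google\Google Talk\Accounts]
- [<HKCU>\Software\Microsoft\MSNMessenger]
  (Судя по путям, это ветки реестра, в которых клиенты Yahoo! Messenger, MSN/Windows Live Messenger и Google Talk хранят данные учётных записей. Какое действие выполняется с этими ветками, из списка не видно: заголовок раздела на странице не сохранился.)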
- %TEMP%\MMBPlayer\Upload.txt
- %TEMP%\MMBPlayer\Display.txt
- %TEMP%\MMBPlayer\FF.txt
- %TEMP%\MMBPlayer\Upload.cmd
- %TEMP%\MMBPlayer\FF.exe
- %TEMP%\MMBPlayer\IE.exe
- %TEMP%\MMBPlayer\DELA.cmd
- %TEMP%\MMBPlayer\M.exe
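  (Далее тот же набор из восьми файлов перечислен повторно. Заголовки, различавшие два списка, на странице не сохранились; вероятно, один список относится к создаваемым файлам, а другой — к удаляемым.)
- %TEMP%\MMBPlayer\FF.txt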
- %TEMP%\MMBPlayer\Display.txt
- %TEMP%\MMBPlayer\Upload.txt
- %TEMP%\MMBPlayer\Upload.cmd
- %TEMP%\MMBPlayer\FF.exe
- %TEMP%\MMBPlayer\IE.exe
- %TEMP%\MMBPlayer\DELA.cmd
- %TEMP%\MMBPlayer\M.exe
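- 'il#.#renz.pl':80
- 'localhost':1041
- 'localhost':1037
- 'ft#.##ethost13.com':21
- DNS ASK il#.#renz.pl
- DNS ASK ft#.##ethost13.com
  (Символ «#» недопустим в именах узлов, поэтому часть символов в этих именах, по-видимому, замаскирована источником. В таком виде их нельзя использовать как индикаторы для точного сопоставления. Порт 21 — FTP, что согласуется с запусками ftp.exe выше; порт 80 — HTTP.)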
- ClassName: 'Shell_TrayWnd' WindowName: ''