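Техническая информация: изменения в реестре, запускаемые процессы, файлы, сетевая активность и поиск окон. Подписи разделов в списке отсутствуют; повторяющиеся пути, по-видимому, относятся к разным операциям (создание, запуск, удаление).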
- [<HKLM>\SYSTEM\ControlSet001\Services\AppToService_server] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы, то есть закрепление в системе)
- %WINDIR%\system\AppToService.exe /install "server.exe" /startup:A
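- %WINDIR%\system\svchost.exe (штатный svchost.exe расположен в <SYSTEM32>, поэтому одноимённый файл в %WINDIR%\system следует считать подозрительным)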
- %WINDIR%\system\app.exe
- <SYSTEM32>\cmd.exe /c ""%TEMP%\app.bat""
- %WINDIR%\system\AppToService.exe
- %WINDIR%\system\server.exe
- %WINDIR%\system\svchost.exe
- %TEMP%\exe1.tmp
- %TEMP%\app.bat
- %WINDIR%\system\app.exe
- %TEMP%\~vis0000\English.vlg
- %TEMP%\~vis0000\vise32ex.dll
- %TEMP%\~vis0000\miscdata.xyz
- %TEMP%\~vis0000\default.bmp
- %TEMP%\~vis0000\rebootnt.exe
- %TEMP%\~vis0000\rebootnt.exe
- %TEMP%\~vis0000\vise32ex.dll
- %TEMP%\~vis0000\English.vlg
- %TEMP%\~vis0000\miscdata.xyz
- %TEMP%\~vis0000\default.bmp
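- 'ha####asi.gnway.net':2828 (символы # в источнике, по-видимому, скрывают часть имени узла, поэтому как точный индикатор запись непригодна; для поиска остаются домен gnway.net и порт 2828)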
- DNS ASK ha####asi.gnway.net
- '<IP-адрес в локальной сети>':1035
- ClassName: 'Shell_TrayWnd' WindowName: '' (Shell_TrayWnd — класс окна панели задач Windows)