Техническая информация
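- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '?m…cit’' = '\?e…pFr’›zer.exe' (имя параметра и имя файла, по-видимому, содержат не-ASCII-символы, искажённые при отображении; приведённые строки не следует считать точными значениями для поиска)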
- '%TEMP%\server.exe'
- '%TEMP%\server.sfx.exe' -pDeepFreezer2012 -d%HOMEPATH%\Local Settings\Temp
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\crypt.bat" "
- %TEMP%\server.exe
- %TEMP%\server.sfx.exe
- %TEMP%\crypt.bat
- ClassName: 'Indicator' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''