Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\Ias] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы)
- C:\RECYCLER\cmd.exe /c regedit /s c:\recycler\cmd.execyl.txt /cc:\recycler\cmd.exe110609tem.exe /c copy /b c:\recycler\cmd.exe110609tem.exe3.txt+c:\recycler\cmd.exe110609cnna.txt c:\recycler\cmd.exe110609tem.exe
- C:\RECYCLER\cmd.exe110609tem.exe
- %PROGRAM_FILES%\r.exe /c "%PROGRAM_FILES%\r.exe109078na.exe"
- %PROGRAM_FILES%\r.exe109078na.exe
- <SYSTEM32>\cmd.exe /c ""%PROGRAM_FILES%\win.bat" "
- %WINDIR%\regedit.exe /s c:\recycler\cmd.execyl.txt
- <SYSTEM32>\Iasid.dll.tlb
- C:\RECYCLER\cmd.execyl.txt
- C:\RECYCLER\recyl.exe113515cnna.txt
- <SYSTEM32>\Iasid.dll.move.tlb
- <SYSTEM32>\Iasid.dll
- %PROGRAM_FILES%\win
- <SYSTEM32>\Iasid.dll.right.tlb
- C:\RECYCLER\recyl.exe
- C:\RECYCLER\cmd.exe
- %PROGRAM_FILES%\r.exe109078na.exe
- %PROGRAM_FILES%\r.exe
- C:\RECYCLER\cmd.exe110609cnna.txt
- C:\RECYCLER\cmd.exetem.tem
- C:\RECYCLER\cmd.exe110609tem.exe
- C:\RECYCLER\cmd.exe110609tem.exe3.txt
- %PROGRAM_FILES%\r.exe109078na.exe
- C:\RECYCLER\cmd.exe110609cnna.txt
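- 'et###0.vicp.net':8888 (символы «#», по-видимому, — маскировка в исходном отчёте; индикатор пригоден только для сопоставления по шаблону, а не для точного совпадения)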
- DNS ASK et###0.vicp.net
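- 'localhost':1045 (этот и остальные адреса 'localhost' в списке — соединения по локальной петле; как сетевые индикаторы для обнаружения малопригодны)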
- 'localhost':1044
- 'localhost':1043
- 'localhost':1046
- 'localhost':1049
- 'localhost':1048
- 'localhost':1047
- 'localhost':1038
- 'localhost':1037
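- '23#.#55.255.250':1900 (адрес замаскирован; порт 1900 и видимая часть адреса соответствуют групповому адресу SSDP 239.255.255.250 — вероятно, это обнаружение устройств в локальной сети, а не удалённый управляющий сервер)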
- 'localhost':1039
- 'localhost':1042
- 'localhost':1041
- 'localhost':1040
- ClassName: 'RegEdit_RegEdit' WindowName: ''