Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'WinXPService' = '%WINDIR%\wauclt.exe'
- [<HKLM>\SOFTWARE\Classes\irc\Shell\open\command] '' = '"%WINDIR%\wauclt.exe" -noconnect'
- [<HKLM>\SOFTWARE\Classes\ChatFile\Shell\open\command] '' = '"%WINDIR%\wauclt.exe" -noconnect'
- %WINDIR%\wauclt.exe
- %WINDIR%\msagent\agentsvr.exe -Embedding
- %WINDIR%\regedit.exe /s v50.reg
- %WINDIR%\v50.reg
- %WINDIR%\wauclt.exe
- %WINDIR%\TMP1.$$$
- %WINDIR%\remote.ini
- <SYSTEM32>\msconfg.dll
- %TEMP%\$inst\temp_0.tmp
- %TEMP%\$inst\2.tmp
- %WINDIR%\hs.dll
- %WINDIR%\connects
- %WINDIR%\TMP1.$$$
- %WINDIR%\v50.reg
- %TEMP%\$inst\temp_0.tmp
- %TEMP%\$inst\2.tmp
- 'lc#.#dultr.net':9171
- DNS ASK lc#.#dultr.net
- ClassName: 'RegEdit_RegEdit' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''