Техническая информация
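- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'taskman' = '"%TEMP%\vtm.72b\SoundMax.exe"' (изменение реестра: параметр taskman раздела Winlogon указывает на исполняемый файл в %TEMP%, что используется как точка автозапуска; команды reg.exe ниже запрашивают и записывают это же значение)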
- <SYSTEM32>\reg.exe query "HKLM\software\microsoft\windows nt\currentversion\Winlogon" /v taskman
- <SYSTEM32>\reg.exe add "HKLM\software\microsoft\windows nt\currentversion\Winlogon" /f /v taskman /d ""%TEMP%\vtm.72b\SoundMax.exe"
- <SYSTEM32>\ping.exe -n 1 www.google.com
- %TEMP%\vtm.72b\SoundMax.exe
- %TEMP%\vtm.72b\chk.ppd
- %TEMP%\vtm.72b\rgtr.tmp
- %TEMP%\v.tm504\melt.exe
- %TEMP%\v.tm504\TempMelt.bat
- %TEMP%\vtm.72b\day.txt
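- DNS ASK www.google.com (DNS-запрос к легитимному домену; вместе с запуском ping.exe -n 1 выше это, по-видимому, проверка доступности сети, поэтому сам домен не следует использовать как индикатор компрометации)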