Technical information
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{F06CE106-AE7A-4e53-96EB-32E6EBCADFAD}] 'StubPath' = '<SYSTEM32>\WinNT.hta'
- '<SYSTEM32>\Shzxll32.exe'
- '<SYSTEM32>\ntsd.exe' -c q -p 2524
- '<SYSTEM32>\svchost.exe'
- <SYSTEM32>\cmd.exe
- <SYSTEM32>\svchost.exe
- ClassName: 'pediy06' WindowName: '(null)'
- ClassName: 'GBDYLLO' WindowName: '(null)'
- ClassName: 'OLLYDBG' WindowName: '(null)'
- <SYSTEM32>\Shzxll32.exe
- %WINDIR%\Server.txt
- <SYSTEM32>\WinNT.hta
- %WINDIR%\12.txt
- <SYSTEM32>\krnln.fnr
- <SYSTEM32>\dp1.fne
- <SYSTEM32>\krnln.fnr
- <SYSTEM32>\dp1.fne
- <SYSTEM32>\Shzxll32.exe
- %WINDIR%\12.txt
- <Full path to the virus>
- %WINDIR%\Server.txt
- %WINDIR%\12.txt
- 'px###.3322.org':8880
- DNS ASK px###.3322.org