Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\Ngtmcg Usongvpj Bgn] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы)
- '%TEMP%\源偶——带数字喊话脚本.exe'
- '%TEMP%\Rkbrljbsr_NET.exe'
- '%TEMP%\喇叭挂.exe'
- '<SYSTEM32>\wbem\wmiadap.exe' /R /T
- '<SYSTEM32>\svchost.exe' -k imgsvc
- '<SYSTEM32>\svchost.exe' -k netsvcs
- C:\Net-Temp.ini
- C:\NT_Path.jpg
- %PROGRAM_FILES%\Dcwn\Dbkytjyyp.jpg
- C:\1524100.dll
- %TEMP%\Rkbrljbsr_NET.exe
- %TEMP%\喇叭挂.exe
- C:\845500.dll
- %TEMP%\源偶——带数字喊话脚本.exe
- %PROGRAM_FILES%\Dcwn\Dbkytjyyp.jpg
- %TEMP%\Rkbrljbsr_NET.exe
- C:\1524100.dll
- C:\Net-Temp.ini
- C:\NT_Path.jpg
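- 'do####xuan.3322.org':2121 (часть имени узла в источнике заменена символами #, полное имя здесь не приведено)
- DNS ASK do####xuan.3322.org (DNS-запрос для того же узла)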
- ClassName: 'Shell_TrayWnd' WindowName: ''