Техническая информация
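- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = 'C:\system32\Day\Application.hta'
  (параметр 'load' — точка автозапуска: указанный в нём файл запускается при входе пользователя в систему; здесь это HTA-файл, который исполняется через mshta.exe, см. ниже. Изменение этого параметра стоит отслеживать как признак закрепления в системе.)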
- '<SYSTEM32>\regini.exe' rad26362.tmp
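- '<SYSTEM32>\cacls.exe' "C:\system32" /E /t /c /d Administrators
  (ключи cacls: /E — правка существующего ACL, /t — рекурсивно по подкаталогам, /c — продолжать при ошибках доступа, /d — запретить доступ; то есть группе Administrators запрещается доступ к каталогу. Путь "C:\system32" записан буквально и отличается от <SYSTEM32>: это отдельный каталог в корне диска, в нём же лежит Application.hta.)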
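- '<SYSTEM32>\mshta.exe' C:\tmp\IconCache.db
  (файл с расширением .db и именем, как у кэша значков Windows, передаётся на исполнение mshta.exe — судя по этому, он содержит HTA/скрипт, а имя и расширение служат маскировкой; запуск mshta.exe с аргументом без расширения .hta — удобный признак для обнаружения.)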
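- '%ProgramFiles%\Windows NT\Accessories\wordpad.exe' "C:\tmp\secret.doc"
  (secret.doc создаётся самим образцом — см. список файлов ниже — и открывается в WordPad; по-видимому, это документ-приманка, отображаемый пользователю.)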
- '<SYSTEM32>\mshta.exe' "C:\system32\Day\Application.hta"
- C:\tmp\IconCache.db
- <Текущая директория>\rad26362.tmp
- C:\tmp\secret.doc
- C:\system32\Day\Application.hta
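- <Текущая директория>\rad26362.tmp
  (строка повторяет запись выше: заголовки разделов в этом списке утрачены, поэтому по тексту нельзя определить, относится ли она к созданным или к удалённым файлам.)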
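- '18#.#2.220.177':446
- 'fu##.dynu.com':446
  (символы '#', по-видимому, скрывают часть адреса и имени в самом отчёте, поэтому эти значения не являются полными индикаторами. Порт 446 нестандартный; dynu.com — домен сервиса динамического DNS.)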
- 'localhost':1037
- DNS ASK fu##.dynu.com
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'WordPadClass' WindowName: ''