Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\Ias] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы)
- C:\RECYCLER\cmd.exe /c regedit /s c:\recycler\cmd.execyl.txt /cc:\recycler\cmd.exe125593tem.exe /c copy /b c:\recycler\cmd.exe125593tem.exe3.txt+c:\recycler\cmd.exe125593cnna.txt c:\recycler\cmd.exe125593tem.exe
- %PROGRAM_FILES%\r.exe116125na.exe
- %PROGRAM_FILES%\r.exe /c "%PROGRAM_FILES%\r.exe116125na.exe"
- %WINDIR%\regedit.exe /s c:\recycler\cmd.execyl.txt
- <SYSTEM32>\ntvdm.exe -f
- <SYSTEM32>\Iasid.dll.tlb
- C:\RECYCLER\cmd.execyl.txt
- C:\RECYCLER\cmd.exe125593tem.exe
- %WINDIR%\Temp\scs1.tmp
- %WINDIR%\Temp\scs2.tmp
- <SYSTEM32>\Iasid.dll.right.tlb
- <SYSTEM32>\Iasid.dll.move.tlb
- C:\RECYCLER\cmd.exe
- %PROGRAM_FILES%\r.exe116125na.exe
- %PROGRAM_FILES%\r.exe
- C:\RECYCLER\cmd.exe125593cnna.txt
- C:\RECYCLER\cmd.exetem.tem
- %PROGRAM_FILES%\win
- C:\RECYCLER\cmd.exe125593tem.exe3.txt
- %WINDIR%\Temp\scs2.tmp
- %WINDIR%\Temp\scs1.tmp
- C:\RECYCLER\cmd.exe125593cnna.txt
- ClassName: 'RegEdit_RegEdit' WindowName: ''
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-b30.b34.3c0005'