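Техническая информация
Ниже перечислены наблюдаемые признаки активности образца: записи в реестре (автозапуск, служба, исключение брандмауэра), запускаемые команды и процессы, создаваемые файлы, сетевые обращения и сведения об окне.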
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'servicepack' = 'C:\Documents and Settings\LocalService\Application Data\spwindows\SP3Service-32-64.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'servicepack' = '%APPDATA%\spwindows\SP3Service-32-64.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\aszjh] 'ImagePath' = '<SYSTEM32>\vlraiz.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\aszjh] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы)
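- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '<SYSTEM32>\vlraiz.exe' = '<SYSTEM32>\vlraiz.exe:*:Enabled:Microsoft (R... (значение обрезано в источнике; запись добавляет файл в список приложений, разрешённых в брандмауэре Windows)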
- '<SYSTEM32>\reg.exe' ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "servicepack" /t REG_SZ /F /D "C:\Documents and Settings\LocalService\Application Data\spwindows\SP3Service-32-64.exe"
- '<SYSTEM32>\cmd.exe' /c del <Полный путь к файлу> > nul
- '<SYSTEM32>\reg.exe' ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "servicepack" /t REG_SZ /F /D "%APPDATA%\spwindows\SP3Service-32-64.exe"
- '<SYSTEM32>\vlraiz.exe'
- C:\Documents and Settings\LocalService\Application Data\spwindows\SP3Service-32-64.exe
- <SYSTEM32>\vlraiz.exe
- %APPDATA%\spwindows\SP3Service-32-64.exe
- 's2###00c.zz.am':2846 (подключение к узлу на порт 2846; часть имени узла, по-видимому, скрыта в источнике символами ###)
- DNS ASK s2###00c.zz.am
- ClassName: 'Shell_TrayWnd' WindowName: ''