Technical information
- Task Manager (Taskmgr)
- Registry Editor (RegEdit)
- System Restore component (SR)
- '<SYSTEM32>\cmd.exe' /C ping 8.8.8.8 -n 1 -w 2 > Nul & Del "%APPDATA%\Microsoft\svchost.exe"
- '<SYSTEM32>\ping.exe' 8.8.8.8 -n 1 -w 2
- '<SYSTEM32>\notepad.exe' %HOMEPATH%\My Documents\Take_Seriously (Your saving grace).txt
- '%APPDATA%\Microsoft\svchost.exe'
- '<SYSTEM32>\cmd.exe' /c "%HOMEPATH%\My Documents\shwdFtY8245PqWQWf.bat"
- %HOMEPATH%\My Documents\shwdFtY8245PqWQWf.bat
- %HOMEPATH%\My Documents\Take_Seriously (Your saving grace).txt
- %TEMP%\melt.txt
- %HOMEPATH%\My Documents\l\%USERNAME% passcode.txt
- %APPDATA%\Microsoft\svchost.exe
- %APPDATA%\Microsoft\svchost.exe
- %HOMEPATH%\My Documents\l\%USERNAME% passcode.txt
- %HOMEPATH%\My Documents\l\%USERNAME% passcode.txt
- 'ft#.#rivehq.com':21
- 'wp#d':80
- http://11#.#11.111.1/wpad.dat via wp#d
- DNS ASK ft#.#rivehq.com
- DNS ASK wp#d
- ClassName: 'TrayClockWClass' WindowName: ''
- ClassName: 'ReBarWindow32' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'TrayNotifyWnd' WindowName: ''