Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,%APPDATA%\InstallShield\Tmp\zidiczk221.bat,'
- %WINDIR%\regedit.exe /s "%APPDATA%\InstallShield\Tmp\zidiczk22.reg"
- <SYSTEM32>\cmd.exe /c "%APPDATA%\InstallShield\Tmp\zidiczk223.bat"
- %APPDATA%\InstallShield\Tmp\zidiczk223.int
- %APPDATA%\InstallShield\Tmp\zidiczk221.int
- %APPDATA%\InstallShield\Tmp\zidiczk222.int
- %APPDATA%\InstallShield\Tmp\zidiczk22.int
- %APPDATA%\InstallShield\Tmp\zidiczk22.exe
- %APPDATA%\InstallShield\Tmp\zidiczk22.del
- %APPDATA%\InstallShield\Tmp\zidiczk22.dll
- %APPDATA%\InstallShield\Tmp\zidiczk22.del
- 'zi###c.3322.org':21000
- DNS ASK zi###c.3322.org
- '<IP-адрес в локальной сети>':1034
- ClassName: 'RegEdit_RegEdit' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''