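Техническая информация (наблюдаемые индикаторы: запись автозапуска в реестре, командные строки процессов, пути к файлам, классы окон; заголовки разделов в списке отсутствуют, список путей к файлам приведён дважды без указания операции)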
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WindowsHide' = 'C:\CurrentVersion\start.exe'
- '<SYSTEM32>\wscript.exe' "%TEMP%\RarSFX0\VBS.vbs"
- '%TEMP%\leksey.exe'
- '<SYSTEM32>\reg.exe' ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v WindowsHide /t REG_SZ /d "C:\CurrentVersion\start.exe" /f
- '<SYSTEM32>\notepad.exe' %TEMP%\Кардинг.txt
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\RarSFX0\1.bat" "
- '%TEMP%\RarSFX0\Work.exe' -p123 -d%HOMEPATH%\Local Settings\Temp
- C:\CurrentVersion\start.exe
- C:\CurrentVersion\svchost.exe (имя совпадает с системным svchost.exe, но файл расположен вне <SYSTEM32>)
- C:\CurrentVersion\msvcr120.dll
- C:\CurrentVersion\miner.ini
- %TEMP%\RarSFX0\1.bat
- %TEMP%\RarSFX0\VBS.vbs
- %TEMP%\RarSFX0\Work.exe
- C:\CurrentVersion\svchost.exe
- C:\CurrentVersion\msvcr120.dll
- C:\CurrentVersion\miner.ini
- C:\CurrentVersion\start.exe
- %TEMP%\RarSFX0\Work.exe
- %TEMP%\RarSFX0\VBS.vbs
- %TEMP%\RarSFX0\1.bat
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''