Техническая информация
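- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\РЮёґ№¤ѕЯ.exe] 'Debugger' = 'ntsd -d' (имя файла показано в неверной кодировке: байты GBK прочитаны как Windows-1251; вероятное исходное имя — «修复工具.exe». Параметр 'Debugger' в Image File Execution Options заставляет систему запускать вместо указанного файла отладчик, поэтому сама программа не стартует.)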
- [<HKLM>\SYSTEM\ControlSet001\Services\AppMgmt] 'Start' = '00000002' (здесь и в следующей строке значение 2 означает автоматический запуск службы при загрузке системы)
- [<HKLM>\SYSTEM\ControlSet001\Services\23D52BAC] 'Start' = '00000002'
- <SYSTEM32>\appmgmts.dll
- <SYSTEM32>\reg.exe export HKLM\SYSTEM\CurrentControlSet\Services\AppMgmt %WINDIR%\TEMP\r7d171c85.txt
- <SYSTEM32>\reg.exe import %TEMP%\r43a05efa.txt
- <SYSTEM32>\reg.exe export "HKLM\SYSTEM\CurrentControlSet\Control\Keyboard Layouts" %TEMP%\r43a05efa.txt
- <SYSTEM32>\23D52BAC.sys
- %WINDIR%\Temp\s3f316ca9.txt
- %WINDIR%\Temp\r7d171c85.txt
- C:\Documents and Settings\Infotmp.txt
- <SYSTEM32>\06A805AC.tmp
- %TEMP%\r43a05efa.txt
- %WINDIR%\Temp\r7d171c85.txt
- <SYSTEM32>\06A805AC.tmp
- %WINDIR%\Temp\s3f316ca9.txt
- %TEMP%\r43a05efa.txt
- C:\Documents and Settings\Infotmp.txt
- '60.##1.186.243':8080
- '60.##1.186.244':8080
- '60.##1.186.245':8080
- '60.##1.186.246':8080
- DNS ASK www.nj##68.info
- DNS ASK www.ba##u.com
- '<IP-адрес в локальной сети>':1036
- '<IP-адрес в локальной сети>':1037
- ClassName: 'CicLoaderWndClass' WindowName: ''