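Техническая информация
Примечание: подзаголовки разделов в этом списке не сохранились. Судя по виду записей, первые две — значения в ключе реестра Run текущего пользователя (автозапуск при входе в систему), третья — ярлык в папке автозагрузки; далее идут пути к файлам, класс окна и командные строки процессов. Повторяющиеся пути к файлам, по-видимому, относятся к отдельному разделу, название которого здесь утрачено. Имена 'svhost' и 'svhost2' похожи на имя системного процесса svchost.exe, но не совпадают с ним.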
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'svhost2' = '%APPDATA%\apps.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'svhost' = '%TEMP%\svhost.vbs'
- %HOMEPATH%\Start Menu\Programs\Startup\svhost.lnk
- %TEMP%\is-M01OT.tmp\botva2.dll
- %TEMP%\is-M01OT.tmp\CallbackCtrl.dll
- %TEMP%\is-M01OT.tmp\isskin.dll
- %TEMP%\is-M01OT.tmp\b2p.dll
- %TEMP%\ReesterCreate.vbs
- %TEMP%\svhost.vbs
- %TEMP%\svhost.exe
- %TEMP%\msvcr110.dll
- %APPDATA%\1337\setup.exe
- %APPDATA%\1337\finish.exe
- %TEMP%\nsg2.tmp
- %TEMP%\nsw3.tmp\System.dll
- %TEMP%\is-M01OT.tmp\_isetup\_shfoldr.dll
- %TEMP%\is-M01OT.tmp\ISDone.dll
- %TEMP%\is-IJII6.tmp\setup.tmp
- %APPDATA%\apps.exe
- %TEMP%\ReesterCreate.vbs
- %TEMP%\svhost.vbs
- %TEMP%\svhost.exe
- %TEMP%\msvcr110.dll
- %TEMP%\nsw3.tmp\System.dll
- ClassName: 'EDIT' WindowName: ''
- '%APPDATA%\apps.exe'
- '<SYSTEM32>\wscript.exe' "%TEMP%\svhost.vbs"
- '<SYSTEM32>\wscript.exe' "%TEMP%\ReesterCreate.vbs"
- '%APPDATA%\1337\setup.exe'
- '%APPDATA%\1337\finish.exe'
- '%TEMP%\is-IJII6.tmp\setup.tmp' /SL5="$40036,2518169,265216,%APPDATA%\1337\setup.exe"