Техническая информация
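- Запись автозапуска в ключе Run (указанный файл запускается при каждом входе пользователя в систему): [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'XXXXXX70F70F96' = '%WINDIR%\XXXXXX70F70F96.exe'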
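Классы и заголовки окон отладчика OllyDbg ('GBDYLLO' — это 'OLLYDBG', записанное в обратном порядке) и утилит Sysinternals File Monitor, Process Monitor и Registry Monitor; подобные перечни обычно используются для обнаружения средств анализа:
- ClassName: 'OLLYDBG', WindowName: ''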
- ClassName: 'GBDYLLO', WindowName: ''
- ClassName: 'pediy06', WindowName: ''
- ClassName: 'FilemonClass', WindowName: ''
- ClassName: '', WindowName: 'File Monitor - Sysinternals: www.sysinternals.com'
- ClassName: 'PROCMON_WINDOW_CLASS', WindowName: ''
- ClassName: '', WindowName: 'Process Monitor - Sysinternals: www.sysinternals.com'
- ClassName: 'RegmonClass', WindowName: ''
- ClassName: '', WindowName: 'Registry Monitor - Sysinternals: www.sysinternals.com'
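Пути к файлам (заголовки подразделов на странице не сохранились; повторяющиеся пути, по-видимому, относятся к разным операциям над одним файлом):
- %TEMP%\~imsinst.exe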
- %TEMP%\~imsinst.tmp
- %TEMP%\Server.exe
- %WINDIR%\XXXXXX70F70F96.exe
- %TEMP%\22.asf
- %TEMP%\~imsinst.tmp
- %TEMP%\~imsinst.tmp
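- Сетевое соединение: 'rn####.codns.com':6541 (порт 6541; символы #### — по-видимому, маска, скрывающая часть имени узла, поэтому для сопоставления индикаторов строка в таком виде непригодна)
- DNS-запрос (DNS ASK): rn####.codns.com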
- ClassName: '18467-41' WindowName: ''
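- ClassName: '' WindowName: '??????????????' (символы заголовка утрачены при перекодировке; исходная строка по этой записи не восстанавливается)
- ClassName: '' WindowName: 'ИрРЗіМРтЙэј¶ЦР' (байты в кодировке GBK, отображённые как Windows-1251; в GBK это «瑞星程序升级中», то есть «идёт обновление программы Rising»)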
- ClassName: 'ReBarWindow32' WindowName: ''
- ClassName: 'WMP9DeskBand' WindowName: 'WMP9DeskBand'
- ClassName: 'WMPlayerApp' WindowName: ''
- ClassName: '' WindowName: ''
- ClassName: '\MSITPro::EventQueue' WindowName: ''
- ClassName: 'Type32_Main_Window' WindowName: ''
- '%TEMP%\~imsinst.exe' <Полный путь к файлу>
- '%TEMP%\Server.exe'
- '%ProgramFiles%\Windows Media Player\wmplayer.exe' /prefetch:7 /Open "%TEMP%\22.asf"