Техническая информация
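Записи реестра, регистрирующие службу 6to4 (закрепление в системе): 'Start' = 2 означает автоматический запуск при загрузке, служба выполняется в процессе svchost.exe (группа netsvcs), а её код загружается из библиотеки, указанной в 'ServiceDll':
- [<HKLM>\SYSTEM\ControlSet001\Services\6to4] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\6to4] 'ImagePath' = '<SYSTEM32>\svchost.exe -k netsvcs'
- [<HKLM>\SYSTEM\ControlSet001\Services\6to4\Parameters] 'ServiceDll' = '<SYSTEM32>\6to4ex.dll'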
- %TEMP%\~temp1.doc
- %TEMP%\~temp2.exe
- %WINDIR%\system\config_t.dat
- %TEMP%\install.tmp
- %TEMP%\release.tmp
- <SYSTEM32>\6to4ex.dll
- %TEMP%\~temp1.doc
- %TEMP%\~temp2.exe
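Файлы из %TEMP%, которые оказываются в <SYSTEM32> (слева — исходный путь, справа — конечный; release.tmp при этом получает имя 6to4ex.dll, то есть имя библиотеки из параметра 'ServiceDll'):
- %TEMP%\install.tmp в <SYSTEM32>\install.tmp
- %TEMP%\release.tmp в <SYSTEM32>\6to4ex.dll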
- ClassName: 'WordPadClass' WindowName: ''
Судя по формату, строки запуска процессов (вторая открывает %TEMP%\~temp1.doc в WordPad):
- '%TEMP%\~temp2.exe'
- '%ProgramFiles%\Windows NT\Accessories\wordpad.exe' "%TEMP%\~temp1.doc"