Техническая информация
Для обеспечения автозапуска модифицирует следующие ключи реестра:
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'svchost.exe' = '%APPDATA%\Microsoft\Windows\svchost.exe'
- [<HKLM>\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] 'UserInit' = '<SYSTEM32>\userinit.exe,%APPDATA%\Microsoft\Windows\svchost.exe'
- <SYSTEM32>\notepad.exe
- C:\users\exploitbody.rar
- C:\users\exploithead.bat
- C:\users\exploitunpacker.exe
- C:\users\xml.exe
- %APPDATA%\microsoft\windows\svchost.exe
- %TEMP%\cheats.txt
- %APPDATA%\microsoft\windows\svchost.exe
- C:\users\exploitbody.rar
- C:\users\exploitunpacker.exe
- DNS ASK ma#####.freedynamicdns.net
- ClassName: 'EDIT' WindowName: ''
- 'C:\users\exploitunpacker.exe' e -pDecBody ExploitBody.rar
- 'C:\users\xml.exe'
- '%APPDATA%\microsoft\windows\svchost.exe'
- '<SYSTEM32>\notepad.exe' (со скрытым окном)
- '<SYSTEM32>\cmd.exe' /c ""C:\Users\ExploitHead.bat" "
- '<SYSTEM32>\notepad.exe' %TEMP%\CHEATS.TXT
- '<SYSTEM32>\notepad.exe'