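Техническая информация
(Заголовки разделов в этом списке не сохранились. Судя по значениям, первые пункты — это классы и заголовки окон отладчика OllyDbg и утилит Sysinternals (File Monitor, Process Monitor, Registry Monitor); наличие таких окон обычно проверяют для обнаружения средств анализа.)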
- ClassName: 'OLLYDBG', WindowName: ''
- ClassName: 'GBDYLLO', WindowName: ''
- ClassName: 'pediy06', WindowName: ''
- ClassName: 'FilemonClass', WindowName: ''
- ClassName: '', WindowName: 'File Monitor - Sysinternals: www.sysinternals.com'
- ClassName: 'PROCMON_WINDOW_CLASS', WindowName: ''
- ClassName: '', WindowName: 'Process Monitor - Sysinternals: www.sysinternals.com'
- ClassName: 'RegmonClass', WindowName: ''
- ClassName: '', WindowName: 'Registry Monitor - Sysinternals: www.sysinternals.com'
- C:\users\default\appdata\roaming\microsoft\windows\settings\config.ini
- C:\users\default\appdata\local\shell\hxsuvsldz.jo
- C:\users\default\appdata\local\shell\hxsuvsldz.jo
- из <Полный путь к файлу> в <Текущая директория>\th.launcher.exe
- 'public-trust.com':80
- http://th#x.cc/
- DNS ASK th#x.cc
- DNS ASK public-trust.com
- ClassName: '18467-41' WindowName: ''
- ClassName: 'Combat_Arms' WindowName: 'CombatArms'
- ClassName: 'MS_WINHELP' WindowName: ''
- ClassName: 'msctls_updown32' WindowName: ''
- 'C:\users\default\appdata\local\shell\hxsuvsldz.jo'
- '%WINDIR%\syswow64\cmd.exe' /c CACLS "C:\Users\Default\AppData\Local\Shell" /E /P user:F (со скрытым окном)
- '%WINDIR%\syswow64\cmd.exe' /c CACLS "C:\Users\Default\AppData\Local\Shell" /E /P user:F
- '%WINDIR%\syswow64\cacls.exe' "C:\Users\Default\AppData\Local\Shell" /E /P user:F