Техническая информация
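- [<HKLM>\SYSTEM\ControlSet001\Services\FirstLogon] 'Start' = '00000002' (запись службы FirstLogon в реестре; значение Start = 2 означает автоматический запуск службы при загрузке системы)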
- %PROGRAM_FILES%\SafeLogon\FirstLogon\FirstLogon.exe -install -p1 liqun002
- <SYSTEM32>\ipconfig.exe /all (выводит полную сетевую конфигурацию узла)
- <SYSTEM32>\cmd.exe /c dewdcedfasdfd.bat
- %PROGRAM_FILES%\SafeLogon\FirstLogon\ALSndMgr.cpl
- %PROGRAM_FILES%\SafeLogon\FirstLogon\Alcxwdm1.cat
- %PROGRAM_FILES%\SafeLogon\FirstLogon\Alcxau30.inf
- %PROGRAM_FILES%\SafeLogon\FirstLogon\RtlCPAPI.dll
- %PROGRAM_FILES%\SafeLogon\FirstLogon\Alcxwdm0.cat
- <Текущая директория>\dewdcedfasdfd.bat
- <Текущая директория>\vddwewe12dasdw.ded
- %PROGRAM_FILES%\SafeLogon\FirstLogon\Alcwdm6.inf
- %PROGRAM_FILES%\SafeLogon\FirstLogon\FirstLogon.exe
- %PROGRAM_FILES%\SafeLogon\FirstLogon\Alcxau23.inf
- %PROGRAM_FILES%\SafeLogon\FirstLogon\Alcxau24.inf
- %PROGRAM_FILES%\SafeLogon\FirstLogon\Alcxau21.inf
- %PROGRAM_FILES%\SafeLogon\FirstLogon\Alcxau22.inf
- %PROGRAM_FILES%\SafeLogon\FirstLogon\Alcxau25.inf
- %PROGRAM_FILES%\SafeLogon\FirstLogon\Alcxau28.inf
- %PROGRAM_FILES%\SafeLogon\FirstLogon\Alcxau29.inf
- %PROGRAM_FILES%\SafeLogon\FirstLogon\Alcxau26.inf
- %PROGRAM_FILES%\SafeLogon\FirstLogon\Alcxau27.inf
- <Текущая директория>\vddwewe12dasdw.ded
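- 'ln#.#ay678.com':8551 (обращение к узлу на порту 8551; символы «#» в имени домена, по-видимому, скрывают часть адреса)
- DNS ASK ln#.#ay678.com (DNS-запрос того же имени)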