Техническая информация
Записи реестра (ключ, имя параметра, значение):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'RzxMon' = '-'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'rwyNMC' = '-'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'Explorer.exe'
Исполняемые файлы и командные строки:
- '%TEMP%\RarSFX0\1.1.exe'
- '%WINDIR%\un_lgj.exe'
- '%WINDIR%\regedit.exe' /s ./pizza.reg
- '<SYSTEM32>\taskkill.exe' /f /im wwm.exe
- '<SYSTEM32>\cmd.exe' /c %WINDIR%\un_lgj.bat
Пути к файлам (действие над файлами на странице не указано; часть путей повторяется):
- %TEMP%\RarSFX0\un.bat
- %TEMP%\~1.bat
- <LS_APPDATA>\pizza.reg
- %TEMP%\RarSFX0\pizza.reg
- %WINDIR%\un_lgj.bat
- %WINDIR%\un_lgj.exe
- %TEMP%\RarSFX0\1.1.exe
- %TEMP%\~1.bat
- <LS_APPDATA>\pizza.reg
- %TEMP%\~1.bat
- %TEMP%\RarSFX0\1.1.exe
- %TEMP%\RarSFX0\un.bat
- %TEMP%\RarSFX0\pizza.reg
- <SYSTEM32>\msvcp71.dll
- <SYSTEM32>\mfc71.dll
- <SYSTEM32>\msvcr71.dll
- %WINDIR%\un_lgj.exe
- %WINDIR%\un_lgj.bat
Окна (имя класса и заголовок окна):
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''
- ClassName: 'RegEdit_RegEdit' WindowName: ''
- ClassName: '' WindowName: ''
- ClassName: '' WindowName: 'rwyncmc.exe'
- ClassName: '' WindowName: 'wwm.exe'
- ClassName: '' WindowName: 'rzxclient.exe'
- ClassName: '' WindowName: 'rzxmon.exe'