Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Owned' = '<SYSTEM32>\services.exeserver.exe'
- '<SYSTEM32>\services.exeserver.exe'
- '<SYSTEM32>\decrypter.exe'
- <SYSTEM32>\Temp32.txt
- <SYSTEM32>\services.exeserver.exe
- <SYSTEM32>\decrypter.exe
- <SYSTEM32>\key.key
- <SYSTEM32>\key.key
- <SYSTEM32>\Temp32.txt
- ClassName: 'MS_WINHELP' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''