Техническая информация
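- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,rundll32.exe %PROGRAM_FILES%\dnf1\zydxc0128.dll Start,'
  (автозапуск: к штатному значению '<SYSTEM32>\userinit.exe,' дописан вызов rundll32.exe, поэтому zydxc0128.dll загружается при каждом входе пользователя в систему; при проверке системы любое дополнение к штатному значению Userinit следует считать подозрительным)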
- [<HKLM>\SYSTEM\ControlSet001\Services\Windows adoNetAtoCAD] 'Start' = '00000002'
  (значение 'Start' = 2 задаёт автоматический запуск службы при загрузке системы)
- '<SYSTEM32>\ADONET.EXE'
- '<SYSTEM32>\Winlogin_G.exe'
- '%WINDIR%\sleep.exe' 100
- '<SYSTEM32>\cmd.exe' /c <Текущая директория>\1.bat
- '<SYSTEM32>\rundll32.exe' %PROGRAM_FILES%\dnf1\zydxc0128.dll Start
- <SYSTEM32>\MMC.DAT
- %PROGRAM_FILES%\dnf1\shadowsafe.sys
- <SYSTEM32>\MMC2.DAT
- <Текущая директория>\1.bat
- <SYSTEM32>\ADONET.EXE
- <SYSTEM32>\Winlogin_G.exe
- C:\1.dat
- %PROGRAM_FILES%\zydxc.dat
- %PROGRAM_FILES%\dnf1\zydxc0128.dll
- %PROGRAM_FILES%\zydxc2.dat
- %PROGRAM_FILES%\zydxc2.dat
- %PROGRAM_FILES%\zydxc.dat
- <SYSTEM32>\Winlogin_G.exe
- %PROGRAM_FILES%\zydxc2.dat
- %PROGRAM_FILES%\zydxc.dat