Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] 'System' = '<SYSTEM32>\Internet.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run] 'WinMgmt' = '<SYSTEM32>\SVCH0ST.EXE'
- '<SYSTEM32>\arp.exe' -s 192.168.1.221 04-02-01-03-02-04
- '<SYSTEM32>\ipconfig.exe'
- '<SYSTEM32>\arp.exe' -s 09-02-05-03-01-06
- '<SYSTEM32>\cmd.exe' /c <SYSTEM32>\autorun.bat
- '<SYSTEM32>\arp.exe' -s 192.168.1.200 02-02-01-03-02-04
- '<SYSTEM32>\cmd.exe' /c <SYSTEM32>\a.bat
- '<SYSTEM32>\arp.exe' -s 192.168.1.180 03-02-01-03-02-04
- '<SYSTEM32>\arp.exe' -s 192.168.0.200 01-02-01-03-02-04
- <SYSTEM32>\a.bat
- C:\autorun.inf
- <SYSTEM32>\1.txt
- <SYSTEM32>\autorun.bat
- C:\Recycled.exe
- <SYSTEM32>\Ravel.inf
- <SYSTEM32>\Internet.exe
- <SYSTEM32>\SVCH0ST.EXE
- C:\autorun.inf
- C:\Recycled.exe