Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'skyp' = '%ALLUSERSPROFILE%\Application Data\siams.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'msn' = '%ALLUSERSPROFILE%\Application Data\csres.exe'
- '%TEMP%\Done.exe'
- %ALLUSERSPROFILE%\Application Data\csres.exe
- %HOMEPATH%\Desktop\Abirds.lnk
- %ALLUSERSPROFILE%\Application Data\videoplayback.exe
- %ALLUSERSPROFILE%\Application Data\egg.exe
- %ALLUSERSPROFILE%\Application Data\siams.exe
- %TEMP%\csres.exe
- %TEMP%\Done.exe
- %TEMP%\videoplayback.exe
- %TEMP%\siams.exe
- %TEMP%\egg.exe
- %ALLUSERSPROFILE%\Application Data\siams.exe
- %ALLUSERSPROFILE%\Application Data\egg.exe
- %ALLUSERSPROFILE%\Application Data\csres.exe
- %ALLUSERSPROFILE%\Application Data\videoplayback.exe
- %TEMP%\siams.exe
- %TEMP%\egg.exe
- %TEMP%\csres.exe
- %TEMP%\videoplayback.exe
- ClassName: 'Indicator' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'EDIT' WindowName: '(null)'