Техническая информация
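- [<HKLM>\SYSTEM\ControlSet001\Services\DcomLaunch] 'Start' = '00000002' (значение 2 — автоматический тип запуска службы DcomLaunch; то же изменение задаёт приведённая ниже команда sc.exe config DcomLaunch start= auto)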
- 'C:\Sofe0\appapp.exe'
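- '<SYSTEM32>\attrib.exe' +H +R "%TEMP%\84018c44d2a03266a0e95d07765bde86.dat" (файлу назначаются атрибуты «скрытый» и «только чтение»)
- '<SYSTEM32>\cacls.exe' "%HOMEPATH%\Local Settings\Temp" /T /P everyone:F (права доступа к каталогу и его содержимому заменяются: группе Everyone — полный доступ)
- '<SYSTEM32>\cacls.exe' "%TEMP%\84018c44d2a03266a0e95d07765bde86.dat" /T /P everyone:N (права доступа к файлу заменяются: группе Everyone доступ закрыт)
- '<SYSTEM32>\attrib.exe' +H +R "C:\Sofe0" (каталогу назначаются атрибуты «скрытый» и «только чтение»)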
- '<SYSTEM32>\cmd.exe' /c C:\Sofe0\common\lanmao.bat
- '<SYSTEM32>\wscript.exe' C:\Sofe0\common\3222.vbs
- '<SYSTEM32>\cmd.exe' /c afc9fe2f418b00a0.bat
- '<SYSTEM32>\sc.exe' config DcomLaunch start= auto
- C:\Sofe0\common\lanmao.bat
- C:\Sofe0\appapp.bat
- <Текущая директория>\afc9fe2f418b00a0.bat
- C:\Sofe0\common\Utility.dll
- C:\Sofe0\appapp.exe
- C:\Sofe0\common\3222.vbs
- C:\Sofe0\common\3222.vbs
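- 'www.pk##.com':1912 (сетевое обращение к узлу, порт 1912; часть доменного имени в отчёте, по-видимому, скрыта символами ##)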
- DNS ASK www.pk##.com
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'