Техническая информация
- [<HKCU>\SYSTEM\CurrentControlSet\Services\CD1E20F5] 'ImagePath' = '<SYSTEM32>\CD1E20F5.EXE -service'
- [<HKLM>\SYSTEM\ControlSet001\Services\CD1E20F5] 'ImagePath' = '<SYSTEM32>\CD1E20F5.EXE -service'
- [<HKLM>\SYSTEM\ControlSet001\Services\CD1E20F5] 'Start' = '00000002'
- '<SYSTEM32>\Media\winlogon.exe'
- '<SYSTEM32>\CD1E20F5.EXE' -service
- '<SYSTEM32>\cmd.exe' /c <SYSTEM32>\delme.bat
- %WINDIR%\Explorer.EXE
- <SYSTEM32>\winlogon.exe
- <SYSTEM32>\delme.bat
- <SYSTEM32>\Media\winlogon.exe
- <SYSTEM32>\CD1E20F5.EXE
- <SYSTEM32>\CD1E20F5T.EXE
- <SYSTEM32>\CD1E20F5.DLL
- ClassName: 'ComboBoxEx32' WindowName: '(null)'
- ClassName: 'ReBarWindow32' WindowName: '(null)'
- ClassName: 'Edit' WindowName: '(null)'
- ClassName: 'ComboBox' WindowName: '(null)'
- ClassName: 'Shell DocObject View' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'WorkerW' WindowName: '(null)'
- ClassName: 'Internet Explorer_Server' WindowName: '(null)'