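Техническая информация
(Заголовки подразделов в этой копии отчёта не сохранились: ниже подряд идут запись реестра, команда запуска, пути к файлам и классы окон. Что именно происходило с каждым объектом — создание, удаление, запуск, внедрение или поиск — по этому тексту установить нельзя.)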
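- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] 'adsnv' = '{8F61586C-5D1B-4c76-BB3A-3B88F96A18B0}' (ShellServiceObjectDelayLoad — известная точка автозагрузки оболочки Windows: объект с указанным CLSID загружается в процесс Explorer; при проверке системы стоит посмотреть, какая DLL зарегистрирована для этого CLSID)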
- 'C:\sysret.dat'
- '<SYSTEM32>\cmd.exe' /c %TEMP%\selfk.bat
- %WINDIR%\Explorer.EXE
- <SYSTEM32>\adsnv.dll
- %TEMP%\selfk.bat
- %WINDIR%\Downloaded Program Files\appmgmd.exe
- C:\sysret.dat
- C:\sysret.sys
- ClassName: 'ComboBox' WindowName: '(null)'
- ClassName: 'Edit' WindowName: '(null)'
- ClassName: 'shell_traywnd' WindowName: '(null)'
- ClassName: 'ComboBoxEx32' WindowName: '(null)'
- ClassName: 'CabinetWClass' WindowName: '(null)'
- ClassName: 'WorkerW' WindowName: '(null)'
- ClassName: 'ReBarWindow32' WindowName: '(null)'