Техническая информация
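- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] 'shell' = 'explorer.exe,%PROGRAM_FILES%\Internet Explorer\zzp8.exe' (параметр автозапуска: файл, указанный после explorer.exe, запускается при входе пользователя в систему)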
- '<SYSTEM32>\Regsvr32.exe' /s "<SYSTEM32>\wybho.dll"
- '<SYSTEM32>\PING.EXE' 127.0.0.1
- '<SYSTEM32>\WScript.exe' "%ALLUSERSPROFILE%\fydrrt\3.vbs"
- C:\Users\Public\Desktop\Internet Explorer.lnk
- <SYSTEM32>\wybho.dll
- %TEMP%\123.txt
- %PROGRAM_FILES%\Internet Explorer\zzp8.exe
- C:\ProgramData\fydrrt\new90.exe
- C:\ProgramData\fydrrt\3.vbs
- C:\ProgramData\fydrrt\zzp8.exe
- C:\ProgramData\fydrrt\zzp8.exe
- %TEMP%\~DF9E5F3DB3EE6690E6.TMP
- C:\ProgramData\fydrrt\new90.exe
- из %TEMP%\123.txt в %TEMP%\123.bat
- ClassName: 'Progman' WindowName: 'Program Manager'
- ClassName: 'EDIT' WindowName: ''