Техническая информация
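Параметр автозапуска в системном реестре (раздел Run; обратные косые черты и кавычки в значении, по-видимому, приведены в экранированном виде):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Windowins Player' = '"C:\\Program Files\\Player\\wins.exe\" -s -t 600"'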
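Исполняемые файлы и командные строки (ключ /s у regedit.exe — импорт .reg-файла без запроса подтверждения; taskkill /f /im — принудительное завершение процесса по имени образа):
- '%TEMP%\RarSFX1\1.exe'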
- '%PROGRAM_FILES%\Player\Safeix.exe'
- '%PROGRAM_FILES%\Player\Player.exe'
- '%WINDIR%\regedit.exe' /s s.reg
- '%WINDIR%\regedit.exe' /s 1.reg
- '<SYSTEM32>\taskkill.exe' /f /im 360se.exe
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\RarSFX0\2.bat" "
Пути к файлам:
- %TEMP%\RarSFX0\2.reg
- %TEMP%\RarSFX0\3.reg
- %PROGRAM_FILES%\Player\dpmodemx.dll
- %PROGRAM_FILES%\Player\Safeix.exe
- %TEMP%\RarSFX0\s.reg
- %TEMP%\RarSFX0\2.bat
- %TEMP%\RarSFX0\1.reg
- %TEMP%\RarSFX1\1.exe
- %TEMP%\RarSFX0\4.bat
- %TEMP%\$inst\5.tmp
- %TEMP%\$inst\15.tmp
- %TEMP%\$inst\2.tmp
- %TEMP%\$inst\4.tmp
- %TEMP%\$inst\temp_0.tmp
- %PROGRAM_FILES%\Player\Player.exe
- %PROGRAM_FILES%\Player\wins.exe
- %PROGRAM_FILES%\Player\dpnaddr.dll
- %PROGRAM_FILES%\Player\dpvacm.dll
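Повторно перечисленные пути (заголовки разделов в этом списке отсутствуют; по-видимому, это отдельный перечень — например, удаляемых файлов; требуется сверка с исходным отчётом):
- %TEMP%\$inst\5.tmp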
- %TEMP%\$inst\15.tmp
- %TEMP%\$inst\4.tmp
- %TEMP%\$inst\temp_0.tmp
- %TEMP%\$inst\2.tmp
- ClassName: '' WindowName: ''
- ClassName: 'RegEdit_RegEdit' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''