Техническая информация
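Автозапуск — параметр в ключе реестра Run (имя «Tomcat» указывает не на одноимённое ПО, а на VBS-скрипт в %WINDIR%\debug):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Tomcat' = '%WINDIR%\debug\pubwin.vbs'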
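Командные строки запускаемых процессов (attrib.exe с ключами +s +h присваивает файлам атрибуты «системный» и «скрытый»; regedit.exe /s импортирует .reg-файл без запроса подтверждения):
- '<SYSTEM32>\wscript.exe' "%WINDIR%\debug\pubwin.vbs"
- '<SYSTEM32>\attrib.exe' +s +h zlib1.dll
- '<SYSTEM32>\attrib.exe' +s +h svchost.exe
- '<SYSTEM32>\cmd.exe' /c ""%WINDIR%\debug\pubwin.bat" "
- '%WINDIR%\regedit.exe' /s pubwin.reg
- '<SYSTEM32>\wbem\wmiadap.exe' /R /T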
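Файлы в каталоге %WINDIR%\Debug (штатный svchost.exe находится в <SYSTEM32>, поэтому файл и процесс с таким именем в %WINDIR%\Debug — признак для обнаружения):
- %WINDIR%\Debug\svchost.exe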
- %WINDIR%\Debug\vbs-t.txt
- %WINDIR%\Debug\pubwin.vbs
- %WINDIR%\Debug\ssleay32.dll
- %WINDIR%\Debug\yc.bat
- %WINDIR%\Debug\libcurl-4.dll
- %WINDIR%\Debug\libcurl.dll
- %WINDIR%\Debug\zlib1.dll
- %WINDIR%\Debug\pubwin.reg
- %WINDIR%\Debug\pubwin.bat
- %WINDIR%\Debug\libiconv-2.dll
- %WINDIR%\Debug\libidn-11.dll
- %WINDIR%\Debug\libeay32.dll
- %WINDIR%\Debug\libgcc_s_seh-1.dll
- %WINDIR%\Debug\libintl-8.dll
- %WINDIR%\Debug\msvcp71.dll
- %WINDIR%\Debug\msvcr71.dll
- %WINDIR%\Debug\libstdc++-6.dll
- %WINDIR%\Debug\libwinpthread-1.dll
- %WINDIR%\Debug\zlib1.dll
- <SYSTEM32>\PerfStringBackup.TMP
- <SYSTEM32>\wbem\Performance\WmiApRpl.ini
- ClassName: 'RegEdit_RegEdit' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''