Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'UserInit' = '<SYSTEM32>\userinit.exe,C:\DOCUME~1\%USERNAME%\LOCALS~1\Temp\MSDCSC\msdcsc.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'MicroUpdate' = '%TEMP%\MSDCSC\msdcsc.exe'
- '%TEMP%\WinLogin.exe' -p123
- '%TEMP%\MicroUpdate.exe'
- '%TEMP%\MSDCSC\msdcsc.exe'
- '%TEMP%\Winjt.exe'
- '%TEMP%\SystemWin.exe' -p123
- '%TEMP%\Steam.exe'
- '%TEMP%\Winjt.exe' -p123
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\0.bat" "
- %TEMP%\Win.exe
- %TEMP%\Steam.exe
- %TEMP%\MSDCSC\msdcsc.exe
- %TEMP%\MicroUpdate.exe
- %TEMP%\SystemWin.exe
- %TEMP%\0.bat
- %TEMP%\WinLogin.exe
- %TEMP%\Winjt.exe
- %TEMP%\MSDCSC\msdcsc.exe
- %TEMP%\0.bat
- '46.##0.150.61':1604
- 'st####ebug.at.ua':80
- 'wp#d':80
- st####ebug.at.ua/debug.dat
- wp#d/wpad.dat
- DNS ASK st####ebug.at.ua
- DNS ASK wp#d
- ClassName: 'Indicator' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''