Техническая информация
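- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'Explorer.exe , %WINDIR%\1.bat' (автозапуск: в параметр Shell, который штатно содержит только Explorer.exe, дописан %WINDIR%\1.bat, поэтому пакетный файл запускается при каждом входе пользователя в систему)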
- [<HKLM>\SYSTEM\ControlSet001\Services\MediaCenter] 'Start' = '00000002' (значение Start = 2 означает автоматический запуск службы MediaCenter при загрузке системы)
- %WINDIR%\Server.exe
- <SYSTEM32>\svchost.exe -k krnlsrvc
- %WINDIR%\regedit.exe /s 1.reg
- <SYSTEM32>\cmd.exe /c ""%WINDIR%\1.bat" "
- %WINDIR%\Server.exe
- %TEMP%\221500_res.tmp
- %WINDIR%\2.bat
- %WINDIR%\1.bat
- %WINDIR%\1.reg
- <SYSTEM32>\RbmytjC.dll
- %WINDIR%\Server.exe
- из %TEMP%\221500_res.tmp в <SYSTEM32>\RbmytjC.dll
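- 'wd####z.3322.org':611 (узел и порт; символы #### — по-видимому, часть имени, скрытая в исходном описании, поэтому для поиска по журналам подходит только шаблон wd????z.3322.org)
- DNS ASK wd####z.3322.org (DNS-запрос этого же имени)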
- ClassName: 'RegEdit_RegEdit' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''