Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\AppMgmt] 'Start' = '00000002' (значение 2 — автоматический запуск службы)
- [<HKLM>\SYSTEM\ControlSet001\Services\BITS] 'Start' = '00000002' (значение 2 — автоматический запуск службы)
- '<SYSTEM32>\graftabl.com' 936
- '<SYSTEM32>\svchost.exe' -k netsvcs
- '<SYSTEM32>\ntvdm.exe' -f
- '<SYSTEM32>\cmd.exe' /c ""<SYSTEM32>\clinet001.cmd" "
- '<SYSTEM32>\more.com' +5 "<SYSTEM32>\clinet001.cmd"
- %WINDIR%\Temp\scs3.tmp
- <SYSTEM32>\$TMP$
- <SYSTEM32>\chifiles.dll
- <SYSTEM32>\clinet001.cmd
- %WINDIR%\Temp\scs1.tmp
- %WINDIR%\Temp\scs2.tmp
- %WINDIR%\Temp\scs3.tmp
- <SYSTEM32>\$TMP$
- %WINDIR%\Temp\scs1.tmp
- %WINDIR%\Temp\scs2.tmp
- 'mo#####.publicvm.com':8027
- DNS ASK mo#####.publicvm.com
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-b58.b5c.380001'