Техническая информация
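- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\conime.exe] 'Debugger' = 'P:\\conime.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fg1.exe] 'Debugger' = 'P:\\fg1.exe'
  (Параметр 'Debugger' в ветке Image File Execution Options заставляет Windows при запуске указанного исполняемого файла запускать вместо него программу, заданную в значении параметра; появление таких записей — признак, который стоит проверять при анализе системы.)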
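- '<SYSTEM32>\cacls.exe' <SYSTEM32>\asianlan10.dll /e /p everyone:n
- '%WINDIR%\regedit.exe' /s %WINDIR%\java\classes\ops\fg1.reg
- '<SYSTEM32>\cacls.exe' <SYSTEM32>\snav.dll /e /p everyone:n
- '<SYSTEM32>\wscript.exe' "%WINDIR%\java\classes\ops\123.vbs"
- '<SYSTEM32>\cacls.exe' <SYSTEM32>\chinasougou.ime /e /p everyone:n
  (Вызовы cacls.exe с параметрами /e /p everyone:n редактируют список доступа файла и задают для группы Everyone права «нет» (N), то есть закрывают доступ к файлу; regedit.exe с ключом /s импортирует .reg-файл без вывода запросов пользователю.)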
- %WINDIR%\java\classes\ops\fg1.reg
- %WINDIR%\java\classes\ops\index.html
- %WINDIR%\java\classes\ops\index.htm
- %WINDIR%\java\classes\ops\123.vbs
- %WINDIR%\java\classes\ops\gfw\gfwkey=0088.asp
- %WINDIR%\java\classes\ops\gfw\gfwkey=xxxx.asp
- %WINDIR%\java\classes\ops\123.BAT
- %WINDIR%\java\classes\ops\index.htm
- %WINDIR%\java\classes\ops\index.html
- %WINDIR%\java\classes\ops\123.vbs
- ClassName: 'RegEdit_RegEdit' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''