Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'GinaDLL' = 'wing32.dll'
- [<HKLM>\SOFTWARE\Classes\txtfile\shell\open\command] '' = '%WINDIR%\notepad.jmp %1'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] 'Explorer' = 'Explorer.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'internat' = '<SYSTEM32>\internat.dic'
- <SYSTEM32>\Explorer.exe
- %WINDIR%\notepad.jmp
- <SYSTEM32>\internat.dic
- %WINDIR%\notepad.jmp
- <SYSTEM32>\internat.dic
- '<IP-адрес в локальной сети>':6667
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'Tapplication' WindowName: 'internat'
- ClassName: '' WindowName: '=НшВзЖ®Т¶='
- ClassName: '' WindowName: '=????????='
- ClassName: 'TForm1' WindowName: '=НшВзЖ®Т¶='
- ClassName: 'TForm1' WindowName: '=????????='
- ClassName: 'Tapplication' WindowName: 'Client'
- ClassName: 'tapplication' WindowName: 'notepad'