Техническая информация
- Автозапуск через ключ реестра Run текущего пользователя: [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'GroupWeise' = '%WINDIR%\GroupWeise\persistence.exe'
- %TEMP%\p2xtmp-2948\auto\List\Util\Util.dll
- %TEMP%\p2xtmp-2948\auto\Socket\Socket.dll
- %TEMP%\p2xtmp-2948\auto\mro\mro.dll
- %TEMP%\p2xtmp-2948\auto\B\B.dll
- %TEMP%\p2xtmp-2948\p2x5142.dll
- %WINDIR%\GroupWeise\GroupWeise.exe
- <Текущая директория>\tmp.exe
- %WINDIR%\GroupWeise\persistence.exe
- %WINDIR%\GroupWeise\Novell Package.exe
- <Текущая директория>\tmp.exe
- ClassName: 'Indicator' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''