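Техническая информация
(Подзаголовки разделов в этом фрагменте не сохранились; одни и те же пути повторяются в списке, по-видимому, потому что относятся к разным разделам отчёта.)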
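- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'loader56' = '<SYSTEM32>:system581.exe'
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{57805944-D5B0-FDBC-A04F-A2FAA8D08DD4}] 'StubPath' = '<SYSTEM32>:system581.exe'
  (Примечание: в пути '<SYSTEM32>:system581.exe' после имени каталога стоит двоеточие, а не обратная косая черта. По-видимому, это альтернативный поток данных NTFS, привязанный к самому каталогу System32. Такой объект не виден в обычном листинге каталога; при проверке системы потоки показывают `dir /r` или Sysinternals Streams. Оба значения реестра указывают на один и тот же объект, поэтому при очистке нужно удалять обе записи автозапуска и сам поток.)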
- %HOMEPATH%\Desktop\sts13.exe
- %HOMEPATH%\Desktop\result.exe
- %HOMEPATH%\Desktop\result(2).exe
- <SYSTEM32>\cmd.exe /c ""%HOMEPATH%\My Documents\My Pictures\1213925773.bat" "
- <SYSTEM32>\cmd.exe /c ""%HOMEPATH%\My Documents\My Pictures\1213925802.bat" "
- <SYSTEM32>\notepad.exe %HOMEPATH%\Desktop\er.txt
- %WINDIR%\Explorer.EXE
- msnmsgr.exe
- %HOMEPATH%\My Documents\My Pictures\1213925802.bat
- <SYSTEM32>:system581.exe
- %HOMEPATH%\My Documents\My Pictures\1213925773.bat
- %HOMEPATH%\Desktop\sts13.exe
- %HOMEPATH%\Desktop\er.txt
- %HOMEPATH%\Desktop\result(2).exe
- %HOMEPATH%\Desktop\result.exe
- %HOMEPATH%\Desktop\result.exe
- %HOMEPATH%\Desktop\sts13.exe
- %HOMEPATH%\Desktop\result(2).exe
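- 'co####nga.mine.nu':3460
- DNS ASK co####nga.mine.nu
  (Примечание: символы «####» в имени хоста — по-видимому, маскировка, применённая в исходном отчёте; полного имени на странице нет. Для поиска в журналах здесь пригодны только суффикс «.mine.nu» и порт 3460, точного сопоставления по имени хоста они не дают.)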