Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\Nationalrsi] 'ImagePath' = '<SYSTEM32>\narnaa.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Nationalrsi] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы)
- '%TEMP%\fnatsuki.exe'
- '%TEMP%\알약+v3백우.exe'
- '<SYSTEM32>\cmd.exe' /c %TEMP%\fnatsuki.exe
- '<SYSTEM32>\cmd.exe' /c %TEMP%\알약+v3백우.exe
- <SYSTEM32>\cmd.exe
- ClassName: 'pediy06' WindowName: ''
- ClassName: 'GBDYLLO' WindowName: ''
- ClassName: 'OLLYDBG' WindowName: '' (класс главного окна отладчика OllyDbg; вероятно, проверка на присутствие средств анализа)
- %TEMP%\알약+v3백우.exe
- %APPDATA%\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sxx
- %TEMP%\aut2.tmp
- %TEMP%\aut1.tmp
- %TEMP%\fnatsuki.exe
- %APPDATA%\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol
- %TEMP%\aut2.tmp
- %TEMP%\aut1.tmp
- из %APPDATA%\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sxx в %APPDATA%\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol
- %APPDATA%\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol
- %APPDATA%\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sxx
- ClassName: 'Shell_TrayWnd' WindowName: ''