Техническая информация
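Регистрация службы для автозапуска (значение 'Start' = 2 соответствует автоматическому запуску службы при загрузке системы):
- [<HKLM>\SYSTEM\ControlSet001\Services\WindowsMgr] 'ImagePath' = '<SYSTEM32>\ctfmom.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\WindowsMgr] 'Start' = '00000002'
Примечание: имя ctfmom.exe отличается одной буквой от штатного системного файла ctfmon.exe, расположенного в том же каталоге, поэтому при проверке имя файла следует сверять посимвольно.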
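Запускаемые процессы:
- '<SYSTEM32>\net1.exe' start WindowsMgr
- '<SYSTEM32>\ctfmom.exe'
- '<SYSTEM32>\ping.exe' localhost -n 2
- '%TEMP%\w7e2.tmp'
- '<SYSTEM32>\cmd.exe' /c net start WindowsMgr & ping localhost -n 2 & del "%TEMP%\w7e2.tmp"
- '<SYSTEM32>\net.exe' start WindowsMgr
Примечание: строка с cmd.exe объединяет три действия: запуск службы WindowsMgr, вызов ping localhost -n 2 (по-видимому, в качестве короткой паузы) и удаление файла %TEMP%\w7e2.tmp, который перед этим был запущен как процесс. Такая цепочка в одной командной строке cmd.exe пригодна как признак для обнаружения.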
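Файловая активность (подзаголовки исходного отчёта при извлечении утрачены; повторяющиеся пути, вероятно, относятся к разным операциям над одними и теми же файлами, например к созданию и последующему удалению):
- <SYSTEM32>\ctfmom.exe
- %WINDIR%\up.bak
- %TEMP%\w7e1.tmp
- %TEMP%\w7e2.tmp
- %TEMP%\w7e2.tmp
- %TEMP%\w7e1.tmp
- %WINDIR%\up.bak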
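Сетевая активность (соединения, HTTP-запрос и DNS-запрос):
- 'us#####l.scieron.com':80
- 'us#####l.scieron.com':443
- http:///up/uppic.php via us#####l.scieron.com
- DNS ASK us#####l.scieron.com
Примечание: символы '#####' в имени хоста, по-видимому, маскируют часть домена в исходном отчёте. В строке с URL имя хоста между «http://» и путём отсутствует (вероятно, потеряно при извлечении), а сам хост указан после «via».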