Техническая информация
Изменения в реестре — автозапуск через ключи Run (оба параметра указывают на один и тот же файл):
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'RealPlayer' = '<SYSTEM32>\services.com'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'ProClean' = '<SYSTEM32>\services.com'
Изменения в реестре — команда open для классов ChatFile и dbg переназначена на тот же файл:
- [<HKLM>\SOFTWARE\Classes\ChatFile\Shell\open\command] '' = '"<SYSTEM32>\services.com" -noconnect'
- [<HKLM>\SOFTWARE\Classes\dbg\Shell\open\command] '' = '"<SYSTEM32>\services.com" -noconnect'
- <SYSTEM32>\services.com
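Командные строки запускаемых процессов (attrib.exe +H +S устанавливает атрибуты «скрытый» и «системный»; regedit.exe /s импортирует .reg-файл без запроса подтверждения; имя services.com отличается от штатного services.exe только расширением):
- <SYSTEM32>\attrib.exe +H +S Volume.sys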
- <SYSTEM32>\attrib.exe +H +S services.com
- <SYSTEM32>\attrib.exe +H +S Dirsvc.dll
- <SYSTEM32>\attrib.exe +H +S NTFS64.sys
- %WINDIR%\msagent\agentsvr.exe -Embedding
- %WINDIR%\regedit.exe /s l89.reg
- %WINDIR%\regedit.exe /s q6.reg
- <SYSTEM32>\attrib.exe +H +S Rbat.dll
- <SYSTEM32>\cmd.exe /c ""<SYSTEM32>\vb2d.cmd" "
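Файлы в <SYSTEM32>, перечисленные в отчёте (подзаголовки исходного списка утрачены, поэтому часть путей повторяется; тип операции для каждой группы по этому тексту установить нельзя):
- <SYSTEM32>\l89.reg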
- <SYSTEM32>\q6.reg
- <SYSTEM32>\NTFS64.sys
- <SYSTEM32>\vb2d.cmd
- <SYSTEM32>\Rbat.dll
- <SYSTEM32>\86102025.INS
- <SYSTEM32>\0313.INS
- <SYSTEM32>\31861617.INS
- <SYSTEM32>\27296716.INS
- <SYSTEM32>\Volume.sys
- <SYSTEM32>\NTFS64.sys
- <SYSTEM32>\Rbat.dll
- <SYSTEM32>\services.com
- <SYSTEM32>\vb2d.cmd
- <SYSTEM32>\l89.reg
- <SYSTEM32>\q6.reg
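Сетевая активность — подключение к узлу (порт указан после двоеточия) и DNS-запрос; часть имени узла в исходном отчёте скрыта символами ###:
- 'f.###der.info':3921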
- DNS ASK f.###der.info
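Окна, указанные в отчёте (имя класса и заголовок; предположительно, образец ищет эти окна — RegEdit_RegEdit соответствует редактору реестра, Shell_TrayWnd — панели задач):
- ClassName: 'Indicator' WindowName: ''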
- ClassName: 'RegEdit_RegEdit' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''