Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\Service] 'Start' = '00000002'
- <SYSTEM32>\reg.exe import <SYSTEM32>\system.reg
- <SYSTEM32>\attrib.exe +s +h <SYSTEM32>\system.vbe
- <SYSTEM32>\wscript.exe "<SYSTEM32>\system.vbe"
- <SYSTEM32>\attrib.exe +s +h %WINDIR%\inf\│╔╚╦═°╓╖┤є╚л.exe
- <SYSTEM32>\attrib.exe +s +h C:\boot.exe
- <SYSTEM32>\attrib.exe +s +h "%PROGRAM_FILES%"\iewe.exe
- <SYSTEM32>\attrib.exe +s +h "%ALLUSERSPROFILE%"\NTuser.exe
- %ALLUSERSPROFILE%\NTuser.exe
- <SYSTEM32>\system.reg
- <SYSTEM32>\system.vbe
- %PROGRAM_FILES%\iewe.exe
- %TEMP%\~1.cmd
- %WINDIR%\inf\│╔╚╦═°╓╖┤є╚л.exe
- C:\boot.exe
- %ALLUSERSPROFILE%\NTuser.exe
- %WINDIR%\inf\│╔╚╦═°╓╖┤є╚л.exe
- <SYSTEM32>\system.vbe
- %TEMP%\~1.cmd
- C:\boot.exe
- %PROGRAM_FILES%\iewe.exe
- %TEMP%\~1.cmd
- <SYSTEM32>\system.vbe
- <SYSTEM32>\system.reg
- 'sm##.qq.com':25
- DNS ASK sm##.qq.com