Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\WDI] 'Start' = '00000002' (значение Start = 2 соответствует автоматическому запуску службы при загрузке системы)
- <DRIVERS>\sysmgr\init\svchost.exe
- <DRIVERS>\sysmgr\svchost.exe
- %WINDIR%\F98L9.exe
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%WINDIR%\TEMP\RES2.tmp" "%WINDIR%\Temp\CSC1.tmp"
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\csc.exe /noconfig /fullpaths @"%WINDIR%\TEMP\aqdqrw89.cmdline"
- <SYSTEM32>\net1.exe user Admin adminpassword /ADD (команда добавляет локальную учётную запись Admin с указанным паролем)
- %WINDIR%\Temp\aqdqrw89.out
- %WINDIR%\Temp\aqdqrw89.cmdline
- %WINDIR%\Temp\aqdqrw89.0.cs
- %WINDIR%\Temp\aqdqrw89.dll
- %WINDIR%\Temp\RES2.tmp
- %WINDIR%\Temp\CSC1.tmp
- <DRIVERS>\sysmgr\init\svchost.exe
- <DRIVERS>\sysmgr\svchost.InstallLog
- <DRIVERS>\sysmgr\svchost.exe
- %WINDIR%\F98L9.exe
- <DRIVERS>\sysmgr\Winsock Orcas.dll
- <DRIVERS>\sysmgr\Protocol.dll
- <DRIVERS>\sysmgr\svchost.InstallState
- %WINDIR%\Temp\aqdqrw89.cmdline
- %WINDIR%\Temp\aqdqrw89.out
- %WINDIR%\Temp\aqdqrw89.dll
- %WINDIR%\Temp\aqdqrw89.0.cs
- %WINDIR%\F98L9.exe
- %WINDIR%\Temp\RES2.tmp
- %WINDIR%\Temp\CSC1.tmp
- 'gu####.zapto.org':5050 (zapto.org — домен сервиса динамического DNS; часть имени узла в источнике скрыта символами #)
- DNS ASK gu####.zapto.org
- ClassName: 'Shell_TrayWnd' WindowName: '' (Shell_TrayWnd — класс окна панели задач Windows)