Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\Helper Service NT] 'Start' = '00000002' (значение 2 параметра Start означает автоматический запуск службы при загрузке системы)
- C:\net.exe
- %WINDIR%\rundll
- C:\1.exe
- %WINDIR%\regedit.exe /s 3.reg
- %WINDIR%\regedit.exe /s 2.reg
- <SYSTEM32>\sc.exe config Distributed Task Scheduler start= DISABLED
- <SYSTEM32>\sc.exe config Distributed Transaction Coordinator start= DISABLED
- %WINDIR%\regedit.exe /s 1.reg
- <SYSTEM32>\cmd.exe /c ""c:\net.bat" /start"
- <SYSTEM32>\wscript.exe "c:\net.vbs"
- <SYSTEM32>\wscript.exe "%WINDIR%\temp\1.vbs"
- <SYSTEM32>\cmd.exe /c %WINDIR%\uninstal.BAT
- %WINDIR%\Temp\1.reg
- %WINDIR%\Temp\1.bat
- %WINDIR%\Temp\1.vbs
- %WINDIR%\Temp\3.reg
- %WINDIR%\Temp\2.reg
- %WINDIR%\uninstal.BAT
- C:\1.exe
- C:\net.exe
- C:\net.vbs
- %WINDIR%\rundll
- C:\net.bat
- %WINDIR%\rundll
- %WINDIR%\Temp\2.reg
- %WINDIR%\Temp\3.reg
- %WINDIR%\Temp\Perflib_Perfdata_7e8.dat
- %WINDIR%\Temp\1.vbs
- C:\1.exe
- C:\net.vbs
- %WINDIR%\Temp\1.reg
- 'zz####o.3322.org':8000 (символы # недопустимы в имени узла и, по-видимому, скрывают часть имени; 8000 — номер порта)
- DNS ASK zz####o.3322.org
- ClassName: 'RegEdit_RegEdit' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''