Техническая информация
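- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,shell.exe' (автозапуск: программы, перечисленные в параметре Userinit, запускаются при каждом входе пользователя в систему; штатно в нём указан только userinit.exe, поэтому лишний элемент в этом списке — признак заражения)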
- '%TEMP%\Windows Media Player.exe'
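- '%TEMP%\lsass.exe' -pgf78dfu7f0 -d%HOMEPATH%\Local Settings\Temp (файл лишь носит имя системного процесса: подлинный lsass.exe находится в <SYSTEM32>, поэтому запуск одноимённого файла из %TEMP% следует считать подозрительным)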
- '%TEMP%\ndc.exe'
- '<SYSTEM32>\rundll32.exe' <SYSTEM32>\shell32.dll,OpenAs_RunDLL %TEMP%\Tanya 7-year.mp4
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\1.tmp\dwr.cmd" "
- %TEMP%\Windows Media Player.exe
- %TEMP%\nsx3.tmp\System.dll
- <SYSTEM32>\shell.exe
- %TEMP%\Tanya 7-year.mp4
- %TEMP%\lsass.exe
- %TEMP%\ndc.exe
- %TEMP%\1.tmp\dwr.cmd
- %TEMP%\nsx3.tmp\System.dll
- %TEMP%\1.tmp\dwr.cmd
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''