Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\windowser] 'ImagePath' = '<SYSTEM32>\windowser.exe -Svc'
- [<HKLM>\SYSTEM\ControlSet001\Services\windowser] 'Start' = '00000002'
- '<SYSTEM32>\cmd.exe' /c DelSelf.bat
- '<SYSTEM32>\windowser.exe' -Svc
- '<SYSTEM32>\sc.exe' start windowser -first
- '<SYSTEM32>\sc.exe' create windowser binpath= "<SYSTEM32>\windowser.exe -Svc" type= share start= auto displayname= "windowser"
- '<SYSTEM32>\sc.exe' description windowser windowser
- C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\CJCTQ25G\IEXP[1].txt
- <Текущая директория>\DelSelf.bat
- <SYSTEM32>\windowser.exe
- 'yu###2.3322.org':80
- 'localhost':1039
- 'www.cn###.net.cn':80
- http://yu###2.3322.org/admin/sjy/IEXP.txt
- DNS ASK yu###2.3322.org
- DNS ASK www.cn###.net.cn