Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Kkey' = '%WINDIR%\Svchost.exe'
- Registry Editor (RegEdit)
- %TEMP%\1.tmp\nircmd.exe cmdwait 200 savescreenshot "c:\ss.png"
- %WINDIR%\key.exe
- <SYSTEM32>\wscript.exe "C:\ic.vbs"
- <SYSTEM32>\wscript.exe "C:\ic2.vbs"
- <SYSTEM32>\ping.exe -n 120 localhost
- <SYSTEM32>\ping.exe -n 3 localhost
- <SYSTEM32>\cmd.exe /c ""%TEMP%\1.tmp\ss.bat" "
- <SYSTEM32>\ping.exe -n 2 localhost
- %WINDIR%\regedit.exe /s k.reg
- %WINDIR%\key.exe
- %TEMP%\1.tmp\ic.vbs
- C:\ss.png
- C:\ic2.vbs
- C:\ic.vbs
- %TEMP%\1.tmp\nircmdc.exe
- %TEMP%\1.tmp\ic2.vbs
- %TEMP%\1.tmp\ss.bat
- %TEMP%\1.tmp\k.reg
- %TEMP%\1.tmp\nircmd.exe
- %TEMP%\1.tmp\key.exe
- 'sm##.wp.pl':25
- DNS ASK sm##.wp.pl
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'RegEdit_RegEdit' WindowName: ''
- ClassName: 'ConsoleWindowClass' WindowName: ''