Техническая информация
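- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'explorer' = '%PROGRAM_FILES%\SystemFile\exdll.lnk'
  (ключ автозапуска: ярлык exdll.lnk выполняется при входе пользователя в систему; имя значения 'explorer' совпадает с именем системного процесса)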
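- '%PROGRAM_FILES%\SystemFile\explorer.exe' --threads 1 --url http://po######-2.khore.org:9332 --userpass Sheka.1:1
  (параметры --threads, --url и --userpass характерны для консольных майнеров типа cpuminer; на это же указывают библиотеки libcurl-4.dll и pthreadGC2.dll в том же каталоге. Файл назван explorer.exe, но запускается не из каталога Windows — это удобный признак для обнаружения. Имя узла частично замаскировано в источнике.)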
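- '<SYSTEM32>\attrib.exe' +H /S /D C:\SystemFile
  (устанавливает атрибут «скрытый» (+H) с обработкой вложенных файлов и каталогов (/S /D); путь C:\SystemFile приведён так, как в источнике, хотя остальные файлы перечислены в %PROGRAM_FILES%\SystemFile)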
- '<SYSTEM32>\cmd.exe' /c ""%PROGRAM_FILES%\SystemFile\dll.bat" "
- '<SYSTEM32>\wscript.exe' "%PROGRAM_FILES%\SystemFile\ex.js"
- %PROGRAM_FILES%\SystemFile\libcurl-4.dll
- %PROGRAM_FILES%\SystemFile\explorer.exe
- %PROGRAM_FILES%\SystemFile\pthreadGC2.dll
- %HOMEPATH%\Recent\SystemFile.lnk
- %HOMEPATH%\Recent\ex.lnk
- %TEMP%\$inst\temp_0.tmp
- %TEMP%\$inst\2.tmp
- %PROGRAM_FILES%\SystemFile\dll.bat
- %PROGRAM_FILES%\SystemFile\exdll.lnk
- %PROGRAM_FILES%\SystemFile\ex.js
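- %TEMP%\$inst\2.tmp
- %TEMP%\$inst\temp_0.tmp
  (эти два временных файла уже перечислены выше; по-видимому, подзаголовки разделов были утеряны, и здесь повторно приведён список удаляемых файлов — требует проверки по исходному отчёту)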
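- 'po#####c-2.khore.org':9332
- DNS ASK po#####c-2.khore.org
  (сетевая активность: тот же домен и порт, что в параметре --url командной строки explorer.exe; маскировка символов имени узла в источнике в этих двух местах различается)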
- ClassName: 'Shell_TrayWnd' WindowName: ''
  (Shell_TrayWnd — класс окна панели задач Windows; вероятно, образец выполняет поиск этого окна)