Техническая информация
- Автозапуск через ключ реестра Run: [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'MediaService' = '<SYSTEM32>\wmplay32.exe'
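- %ALLUSERSPROFILE%\Start Menu\Programs\Startup\adobe.exe (папка автозагрузки всех пользователей)
- %HOMEPATH%\Start Menu\Programs\Startup\adobe.exe (папка автозагрузки пользователя)
- %HOMEPATH%\Start Menu\Programs\Startup\Media Service.lnk (папка автозагрузки пользователя)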
- <SYSTEM32>\wmplay32.exe
- <SYSTEM32>\sleep.exe 2
- <SYSTEM32>\taskkill.exe /im logon.exe /f
- <SYSTEM32>\taskkill.exe /im wmplay32.exe /f
- <SYSTEM32>\cmd.exe /c <SYSTEM32>\start.bat
- <SYSTEM32>\adobe.exe
- <SYSTEM32>\start.bat
- %ALLUSERSPROFILE%\Application Data\AMMYY\settings.bin (каталог AMMYY, по-видимому, относится к программе удалённого администрирования Ammyy Admin)
- %TEMP%\nsa2.tmp\ExecDos.dll
- <SYSTEM32>\settings.bin
- <SYSTEM32>\logon2.exe
- <SYSTEM32>\sleep.exe
- <SYSTEM32>\wmplay322.exe
- Подключение к '49###8298.com':80 (часть имени домена скрыта символами #)
- Запрос к 49###8298.com/online.txt
- DNS ASK (DNS-запрос) 49###8298.com
- ClassName: '' WindowName: ''