Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\Remote_Server_2008] 'Start' = '00000002'
- '%PROGRAM_FILES%\Remote\Remote.exe'
- '%WINDIR%\Temp\RServer.exe'
- '%WINDIR%\Temp\CFДМ°Ц№Щ·ю¶а№¦ДЬјНДо°жSP4.exe'
- '<SYSTEM32>\svchost.exe' 10000
- <SYSTEM32>\svchost.exe
- %WINDIR%\Temp\CFДМ°Ц№Щ·ю¶а№¦ДЬјНДо°жSP4.exe
- %WINDIR%\Temp\superec.ProcessMemory.sys
- %TEMP%\26621451.tmp
- %WINDIR%\Temp\CFДМ°Ц№Щ·ю¶а№¦ДЬјНДо°жSP4.exe
- %WINDIR%\Temp\RServer.exe
- %WINDIR%\Temp\RServer.exe
- %TEMP%\26621451.tmp в %PROGRAM_FILES%\Remote\Remote.exe
- 'a7####61.xicp.net':88
- DNS ASK a7####61.xicp.net
- ClassName: '' WindowName: '????????????'
- ClassName: '' WindowName: '???????? ????'
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: '' WindowName: '????????????????'