Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Control\SecurityProviders] 'SecurityProviders' = 'msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, credssp.dll'
- [<HKLM>\SYSTEM\ControlSet001\Control\Lsa] 'Security Packages' = ''
- Системный компонент: средство контроля пользовательских учетных записей (UAC) (пояснение к этому пункту в тексте отсутствует)
- Командная строка: '%APPDATA%\RDP6\ConnectionClient.exe' -server 186.202.185.111 -alttab 0 -printer on -com off -smartcard off -preview on -remoteapp on -seamless off -disk on -smartsizing 0 -localtb 32
- %APPDATA%\RDP6\ico2.ico
- %TEMP%\autB.tmp
- %APPDATA%\RDP6\bkgsc.bmp
- %TEMP%\autA.tmp
- %APPDATA%\RDP6\ConnectionClient.exe
- %TEMP%\aut9.tmp
- %APPDATA%\RDP6\languk.ini
- %TEMP%\autC.tmp
- %APPDATA%\RDP6\bkgscpink.bmp
- %TEMP%\autF.tmp
- %APPDATA%\RDP6\TsCredentials.exe
- %TEMP%\autE.tmp
- %APPDATA%\RDP6\bkgscblue.bmp
- %TEMP%\autD.tmp
- %APPDATA%\RDP6\bkgscgreen.bmp
- %TEMP%\aut3.tmp
- %APPDATA%\RDP6\<Имя вируса>.txt
- %TEMP%\aut4.tmp
- %APPDATA%\RDP6\mstsc.exe
- %TEMP%\aut1.tmp
- %APPDATA%\RDP6\mstscax.dll
- %TEMP%\aut2.tmp
- %APPDATA%\RDP6\ClientRegister.exe
- %TEMP%\aut7.tmp
- %APPDATA%\RDP6\TSPLClient_X64.dll
- %TEMP%\aut8.tmp
- %APPDATA%\RDP6\TSPLClient_X86.dll
- %TEMP%\aut5.tmp
- %APPDATA%\RDP6\TSFTPClient.DLL
- %TEMP%\aut6.tmp
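- (далее пути %TEMP%\aut*.tmp и %APPDATA%\RDP6\bkgsc.bmp перечислены повторно; заголовок этого второго списка, по-видимому, не сохранился)
- %TEMP%\autB.tmp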
- %TEMP%\autC.tmp
- %TEMP%\aut9.tmp
- %TEMP%\autA.tmp
- %TEMP%\autF.tmp
- %APPDATA%\RDP6\bkgsc.bmp
- %TEMP%\autD.tmp
- %TEMP%\autE.tmp
- %TEMP%\aut3.tmp
- %TEMP%\aut4.tmp
- %TEMP%\aut1.tmp
- %TEMP%\aut2.tmp
- %TEMP%\aut7.tmp
- %TEMP%\aut8.tmp
- %TEMP%\aut5.tmp
- %TEMP%\aut6.tmp
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'