Техническая информация
- %TEMP%\PatCh5121ML.exe
- "%TEMP%\t2gk3ciUSI.exe" (загружен из сети Интернет)
- <SYSTEM32>\wscript.exe "%TEMP%\rat.vbs"
- %TEMP%\is-3VUET.tmp\_isetup\_iscrypt.dll
- %TEMP%\is-3VUET.tmp\_isetup\_shfoldr.dll
- %TEMP%\t2gk3ciUSI.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\rat[1].exe
- %TEMP%\rat.vbs
- %TEMP%\PatCh5121ML.exe
- %TEMP%\is-3VUET.tmp\_isetup\_RegDLL.tmp
- %TEMP%\is-QPQBQ.tmp\PatCh5121ML.tmp
- 'ke##us.com':80
- 'localhost':1037
- ke##us.com/rat.exe
- DNS ASK ke##us.com
- ClassName: 'Shell_TrayWnd' WindowName: ''