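Техническая информация
Обозначения: <SYSTEM32> — системный каталог Windows, %TEMP% — каталог временных файлов пользователя; символы ### в доменном имени, по-видимому, скрывают его часть.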
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Thumbs' = '<SYSTEM32>\vbscript-thumbs.vbs' (запись автозапуска: сценарий выполняется при каждом входе этого пользователя в систему)
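- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%TEMP%\client32.exe' = '%TEMP%\client32.exe:*:Enabled:NetSupport Client' (программа внесена в список разрешённых приложений брандмауэра Windows под именем «NetSupport Client»)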
- %TEMP%\client32.exe
- <SYSTEM32>\reg.exe add hkcu\software\microsoft\windows\currentversion\run /v Thumbs /t reg_sz /d <SYSTEM32>\vbscript-thumbs.vbs /f
- <SYSTEM32>\cmd.exe /c ""%TEMP%\thumbs.bat" "
- <SYSTEM32>\wscript.exe "%TEMP%\vbscript-thumbs.vbs"
- <SYSTEM32>\wscript.exe "%TEMP%\vbscript-start.vbs"
- <SYSTEM32>\cmd.exe /c ""%TEMP%\start.bat" "
- <SYSTEM32>\pcicapi.DLL
- <SYSTEM32>\PCICHEK.DLL
- <SYSTEM32>\NSM.LIC
- %TEMP%\client32.ini
- <SYSTEM32>\client32.exe
- <SYSTEM32>\PCICL32.DLL
- <SYSTEM32>\vbscript-thumbs.vbs
- <SYSTEM32>\vbscript-start.vbs
- <SYSTEM32>\thumbs.bat
- <SYSTEM32>\TCCTL32.DLL
- <SYSTEM32>\client32.ini
- %TEMP%\client32.exe
- %TEMP%\pcicapi.DLL
- %TEMP%\PCICHEK.DLL
- %TEMP%\NSM.LIC
- %TEMP%\sfx.ini
- %TEMP%\HTCTL32.DLL
- %TEMP%\PCICL32.DLL
- %TEMP%\vbscript-start.vbs
- %TEMP%\vbscript-thumbs.vbs
- %TEMP%\thumbs.bat
- %TEMP%\start.bat
- %TEMP%\TCCTL32.DLL
- %TEMP%\sfx.ini
- 'rh###.sytes.net':450
- DNS ASK rh###.sytes.net
- '<IP-адрес в локальной сети>':1035
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'NSMWClass' WindowName: ''
- ClassName: 'Indicator' WindowName: ''