Техническая информация
- '<SYSTEM32>\wscript.exe' "%TEMP%\install.vbs"
- '%TEMP%\delete.bat' (загружен из сети Интернет)
- '%TEMP%\service.bat' (загружен из сети Интернет)
- '%TEMP%\delete.bat'
- '%TEMP%\service.bat'
- %TEMP%\service.bat
- %TEMP%\cryptcat.exe
- %TEMP%\delete.bat
- %TEMP%\install.vbs
- %TEMP%\APink.scr
- %TEMP%\VNCHooks.dll
- %TEMP%\WinVNC.exe
- %TEMP%\run.reg
- %TEMP%\run.vbs
- '17#.30.1.80':80
- 'localhost':1039
- http://17#.30.1.80/ex/service.bat
- http://17#.30.1.80/ex/cryptcat.exe
- http://17#.30.1.80/ex/delete.bat
- http://17#.30.1.80/ex/install.vbs
- http://17#.30.1.80/ex/APink.scr
- http://17#.30.1.80/ex/VNCHooks.dll
- http://17#.30.1.80/ex/WinVNC.exe
- http://17#.30.1.80/ex/run.reg
- http://17#.30.1.80/ex/run.vbs
- ClassName: 'Shell_TrayWnd' WindowName: ''