Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'RealtekAudioService' = '%HOMEPATH%\AppData\Local\RealtekAudio\RealtekAudio.exe'
- '%HOMEPATH%\AppData\Local\RealtekAudio\Update.exe'
- '%HOMEPATH%\AppData\Local\RealtekAudio\RealtekAudio.exe'
- '%HOMEPATH%\AppData\Local\RealtekAudio\Update.exe' (downloaded from the Internet)
- '<SYSTEM32>\schtasks.exe' /create /tn RealtekAudioSvc /xml %HOMEPATH%\AppData\Local\RealtekAudio\RealtekAudio.xml
- '<SYSTEM32>\cmd.exe' /C schtasks /create /tn RealtekAudioSvc /xml %HOMEPATH%\AppData\Local\RealtekAudio\RealtekAudio.xml
- %HOMEPATH%\AppData\Local\RealtekAudio\Update.exe
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\KHMHGZ4F\RealtekAudioUpdate[1].exe
- %HOMEPATH%\AppData\Local\RealtekAudio\AudioSvc.dat
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\U98D4X8H\cmdissue[1].dat
- %HOMEPATH%\AppData\Local\RealtekAudio\RealtekAudio.exe
- %HOMEPATH%\AppData\Local\RealtekAudio\RealtekAudio.e
- %TEMP%\aut1.tmp
- %HOMEPATH%\AppData\Local\RealtekAudio\RealtekAudio.xml
- %TEMP%\aut2.tmp
- %TEMP%\aut2.tmp
- %TEMP%\aut1.tmp
- '80.#.149.103':80
- http://80.#.149.103/VBoxOVA/cmdissue.dat
- http://80.#.149.103/VBoxOVA/RealtekAudioUpdate.exe