Техническая информация
Автозапуск (ярлык в папке автозагрузки пользователя):
- %HOMEPATH%\Start Menu\Programs\Startup\Internet Accelerator 2.8.6.452.lnk
Запускаемые процессы (командные строки):
- 'C:\WbTlq92.tmp\taskhostpj.exe' -second
- '<SYSTEM32>\wscript.exe' "C:\WbTlq92.tmp\kqYJ.vbs"
- '<SYSTEM32>\attrib.exe' +h C:\WbTlq92.tmp
Окна утилит мониторинга Sysinternals (Process Monitor, Registry Monitor, File Monitor); вероятно, их поиск служит для обнаружения средств анализа:
- ClassName: '', WindowName: 'Process Monitor - Sysinternals: www.sysinternals.com'
- ClassName: 'RegmonClass', WindowName: ''
- ClassName: '', WindowName: 'Registry Monitor - Sysinternals: www.sysinternals.com'
- ClassName: 'FilemonClass', WindowName: ''
- ClassName: '', WindowName: 'File Monitor - Sysinternals: www.sysinternals.com'
- ClassName: 'PROCMON_WINDOW_CLASS', WindowName: ''
Файлы (изменения в файловой системе):
- %APPDATA%\RUT_settings\Logs\rms_log_2017-11.html
- C:\WbTlq92.tmp\kqYJ.vbs
- C:\WbTlq92.tmp\taskhostpj.exe
Сетевая активность (часть символов в именах узлов и в URL скрыта знаками #):
- 'ru##ls.com':563
- 'ru##ls.com':5655
- 'ru##ls.com':80
- http://ru##ls.com/utils/inet_id_notify.php?te####
- DNS ASK se####.rutils.com
- DNS ASK ru##ls.com
Прочие окна:
- ClassName: '' WindowName: 'Windows Security Alert'
- ClassName: '18467-41' WindowName: ''
- ClassName: 'EDIT' WindowName: ''
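- ClassName: '' WindowName: 'Iiiaauaiea nenoaiu aaciianiinoe Windows' (заголовок записан в искажённой кодировке: кириллица cp1251, сведённая к латинице; побуквенно соответствует «Оповещение системы безопасности Windows», то есть русскому варианту 'Windows Security Alert')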