Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'ApplicationData' = '%APPDATA%\ApplicationData.exe'
- %HOMEPATH%\Start Menu\Programs\Startup\ApplicationManager.URL
- %HOMEPATH%\Start Menu\Programs\Startup\ApplicationData.lnk
- %HOMEPATH%\Start Menu\Programs\Startup\ApplicationFramework.vbs
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
- %APPDATA%\ApplicationData.exe
- %TEMP%\haKuSAtY.txt
- %HOMEPATH%\Local Settings\Tempasd.exe
- %APPDATA%\ApplicationData.exe
- %HOMEPATH%\Local Settings\Tempasd.exe
- 'ra#####rawr.duckdns.org':8008
- DNS ASK ra#####rawr.duckdns.org
- '%APPDATA%\ApplicationData.exe'
- '%HOMEPATH%\Local Settings\Tempasd.exe'
- '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\CasPol.exe'