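Техническая информация
Ниже перечислены артефакты, наблюдавшиеся при анализе образца: записи автозапуска в ветках реестра Run (HKCU и HKLM), файлы в %TEMP%, %APPDATA% и %ProgramFiles%, сетевое обращение к узлу в зоне ddns.net (порт 90, имя узла частично скрыто символами #) и командные строки запущенных процессов. Подзаголовки разделов в этом тексте не сохранились; список файлов из %TEMP% приведён дважды (второй раз в обратном порядке) — вероятно, это разные разделы исходного отчёта. Имена вида 7rcqm2ki.* и zVdsAEQP.exe выглядят случайно сгенерированными, поэтому при поиске следов надёжнее опираться на сочетание признаков (запись в Run с пустым именем параметра, запуск csc.exe с файлом .cmdline из %TEMP%, каталог «LAN Service» в %ProgramFiles%), а не на точные имена файлов.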
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '' = '%APPDATA%\zVdsAEQP.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'LAN Service' = '%ProgramFiles%\LAN Service\lansv.exe'
- %TEMP%\tmp1.tmp.txt
- %TEMP%\7rcqm2ki.cmdline
- %TEMP%\7rcqm2ki.out
- %TEMP%\CSC2.tmp
- %TEMP%\RES3.tmp
- %TEMP%\7rcqm2ki.dll
- %APPDATA%\zVdsAEQP.exe
- %APPDATA%\23EF5514-3059-436F-A4A7-4CEFAAB20EB1\run.dat
- %ProgramFiles%\LAN Service\lansv.exe
- %TEMP%\RES3.tmp
- %TEMP%\CSC2.tmp
- %TEMP%\7rcqm2ki.dll
- %TEMP%\7rcqm2ki.out
- %TEMP%\7rcqm2ki.cmdline
- %TEMP%\tmp1.tmp.txt
- 'ru####p.ddns.net':90
- DNS ASK ru####p.ddns.net
- '<Полный путь к файлу>'
- '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\csc.exe' /noconfig /fullpaths @"%TEMP%\7rcqm2ki.cmdline"
- '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES3.tmp" "%TEMP%\CSC2.tmp"
- '<SYSTEM32>\cmd.exe' /c reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /f /v "" /t REG_SZ /d "%APPDATA%\zVdsAEQP.exe
- '<SYSTEM32>\reg.exe' add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /f /v "" /t REG_SZ /d "%APPDATA%\zVdsAEQP.exe