Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'runtimebroker' = '%WINDIR%\runtimebroker.exe'
- %WINDIR%\runtimebroker.exe
- 'localhost':1036
- 'bc.vc':80
- 'tr.link':80
- 'sm##.gmail.com':587
- http://bc.vc/jecKID2
- http://tr.link/aPN1
- DNS ASK bc.vc
- DNS ASK tr.link
- DNS ASK sm##.gmail.com
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''