Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'runtimebroker' = '%WINDIR%\runtimebroker.exe'
- %WINDIR%\runtimebroker.exe
- C:\confirmationn.txt
- 'localhost':1038
- 'bc.vc':80
- 'tr.link':80
- http://bc.vc/jecKID2
- http://tr.link/aPN1
- DNS ASK bc.vc
- DNS ASK tr.link
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''