Техническая информация
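- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'rejekllinger' = 'wscript "%HOMEPATH%\Elliott\Beherskere9.vbs"' — автозапуск: значение RunOnce запускает указанный VBS-скрипт через wscript при следующем входе пользователя в систему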
- %WINDIR%\win.ini
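- <SYSTEM32>\tasks\upnp service — файл задания планировщика; соответствует задаче "UPNP Service", которую создаёт команда schtasks в конце списка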
- %HOMEPATH%\elliott\beherskere9.exe
- %HOMEPATH%\elliott\beherskere9.vbs
- %APPDATA%\597d9903-ea81-40e6-803a-40d3e5258fa4\run.dat
- %TEMP%\tmp286a.tmp — судя по команде schtasks в конце списка, этот файл содержит XML-описание задачи "UPNP Service"
- %APPDATA%\597d9903-ea81-40e6-803a-40d3e5258fa4\task.dat
- %TEMP%\tmp286a.tmp
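- DNS ASK bu###.duckdns.org — DNS-запрос к имени в зоне сервиса динамического DNS duckdns.org; часть имени в источнике заменена символами ###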
- '%HOMEPATH%\elliott\beherskere9.exe'
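- '<SYSTEM32>\schtasks.exe' /create /f /tn "UPNP Service" /xml "%TEMP%\tmp286A.tmp" — создаёт задачу планировщика "UPNP Service" из XML-файла во временном каталоге; ключ /f перезаписывает одноимённую задачу без предупреждения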