Техническая информация
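- [<HKLM>\SYSTEM\ControlSet001\Services\RasMank] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы, что обеспечивает закрепление в системе)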
- C:\dec.exe
- <SYSTEM32>\sc.exe description "RasMank" RasMank Remote Access Connection Manager
- <SYSTEM32>\cmd.exe /c del.bat
- <SYSTEM32>\taskkill.exe /f /im "<Имя вируса>.exe"
- <SYSTEM32>\svchost.exe
- <SYSTEM32>\sc.exe delete RasMank
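- <SYSTEM32>\sc.exe Create "RasMank" type= own type= interact start= auto DisplayName= "Remote Access Connection Manager " binPath= "cmd.exe /c start "%WINDIR%\system\AxInstUI901.exe" (имя службы и DisplayName имитируют штатную службу Windows RasMan «Remote Access Connection Manager»; признаки для обнаружения — лишняя буква «k» в имени службы и binPath, запускающий файл через cmd.exe)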
- <Текущая директория>\del.bat
- C:\dec.exe
- %WINDIR%\system\AxInstUI901.exe
- C:\dec.exe
- 'fu####13.6600.org':9191
- 'ya####o.3322.org':8181
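- DNS ASK fu####13.6600.org
- DNS ASK ya####o.3322.org (3322.org и 6600.org, по-видимому, сервисы динамического DNS: IP-адреса за такими именами часто меняются, поэтому для обнаружения надёжнее опираться на DNS-запросы, чем на адреса)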
- '<IP-адрес в локальной сети>':1035
- ClassName: '' WindowName: ''