Техническая информация
- [<HKLM>\System\CurrentControlSet\Services\AeroadminService] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы)
- [<HKLM>\System\CurrentControlSet\Services\AeroadminService] 'ImagePath' = '"%TEMP%\2k10\AeroAdmin\AeroAdmin.exe" s -sid 1 '
- %TEMP%\2k10\aeroadmin\aeroadmin.exe
- %PROGRAMDATA%\aeroadmin\config
- %PROGRAMDATA%\aeroadmin\log.txt
- %PROGRAMDATA%\aeroadmin\guid.bin
- %PROGRAMDATA%\aeroadmin\settings.bin
- %TEMP%\2k10\aeroadmin\aeroadmin.exe
- 'au####.aeroadmin.com':443
- DNS ASK au####.aeroadmin.com
- ClassName: 'CustomWndCls' WindowName: 'CustomWndCls'
- '%TEMP%\2k10\aeroadmin\aeroadmin.exe'
- '%TEMP%\2k10\aeroadmin\aeroadmin.exe' s -sid 1
- '%TEMP%\2k10\aeroadmin\aeroadmin.exe' a
- '%WINDIR%\syswow64\reg.exe' add HKU\.DEFAULT\Software\AeroAdmin /v uiLanguage /t REG_DWORD /d 1049 /f (со скрытым окном)
- '%WINDIR%\syswow64\reg.exe' add HKU\.DEFAULT\Software\AeroAdmin /v uiLanguage /t REG_DWORD /d 1049 /f