Техническая информация
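Записи реестра, обеспечивающие автозапуск файла %TEMP%\server.exe:
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Skype' = '%TEMP%\server.exe'
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{680EDBE1-A0BA-6C00-EF12-C0ED67977BF7}] 'StubPath' = '%TEMP%\server.exe'
Значение с именем 'Skype' в ключе Run указывает на исполняемый файл во временном каталоге %TEMP%; параметр StubPath в Active Setup ссылается на тот же файл. При проверке системы следует искать обе записи.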
- %TEMP%\server.exe
- <SYSTEM32>\rundll32.exe <SYSTEM32>\shimgvw.dll,ImageView_Fullscreen %TEMP%\moi a la plage.jpg
- %WINDIR%\Explorer.EXE
- %TEMP%\moi a la plage.jpg
- %TEMP%\server.exe
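Сетевые индикаторы (символы #### заменяют часть имени узла; no-ip.org — домен службы динамического DNS, поэтому IP-адрес узла может меняться):
- 'ne####.no-ip.org':1607
- DNS ASK ne####.no-ip.org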
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'ShImgVw:CPreviewWnd' WindowName: ''