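Техническая информация
Заголовки разделов исходного отчёта на странице, по-видимому, не сохранились. Ниже по порядку идут: запись автозапуска в ключе реестра Run, командные строки системных утилит (attrib, ipconfig, reg), пути к файлам, сетевые подключения, DNS-запросы и параметры окон (ClassName/WindowName). Снятие и повторная установка атрибутов файла hosts вместе с очисткой кэша DNS (ipconfig /flushdns) могут указывать на изменение файла hosts; при проверке системы стоит сверить содержимое <DRIVERS>\etc\hosts и <DRIVERS>\etc\service2, а также значение 'Windows.exe' в ключе Run.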
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Windows.exe' = '%WINDIR%\postal_tarjeta.bat'
- <SYSTEM32>\attrib.exe <DRIVERS>\etc\hosts +r +h
- <SYSTEM32>\ipconfig.exe /flushdns
- <SYSTEM32>\reg.exe ADD HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v Windows.exe /t REG_SZ /d "%WINDIR%\postal_tarjeta.bat" /f
- <SYSTEM32>\attrib.exe %WINDIR%\video_tarjeta.bat +r +h
- <SYSTEM32>\attrib.exe <DRIVERS>\etc\hosts -r -h -s
- <SYSTEM32>\attrib.exe <DRIVERS>\etc\service2 +r +h
- <Текущая директория>\% (имя файла, по-видимому, обрезано при извлечении текста)
- %WINDIR%\video_tarjeta.bat
- %TEMP%\a56602.bat
- %WINDIR%\video_tarjeta.bat
- %TEMP%\a56602.bat
- %TEMP%\a56602.bat
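- <DRIVERS>\etc\hosts в <DRIVERS>\etc\service2 (исходный файл → целевой; название операции — перемещение или копирование — на странице не сохранилось)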
- 'bi#.ly':443 (символы «#» здесь и ниже, по-видимому, скрывают часть имени домена)
- 'bi##y.com':443
- 'localhost':1035
- 'localhost':1036
- DNS ASK bi##y.com
- DNS ASK bi#.ly
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: '' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''