Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] 'DRam prosessor' = 'plscd.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'DRam prosessor' = 'plscd.exe'
- <SYSTEM32>\plscd.exe 300 "%HOMEPATH%\Desktop\rbot.exe"
- %HOMEPATH%\Desktop\rbot.exe
- %HOMEPATH%\Desktop\keygen.exe
- <SYSTEM32>\cmd.exe /c ""%HOMEPATH%\My Documents\My Pictures\1212515768.bat" "
- %HOMEPATH%\My Documents\My Pictures\1212515768.bat
- <SYSTEM32>\plscd.exe
- %HOMEPATH%\Desktop\keygen.exe
- %HOMEPATH%\Desktop\rbot.exe
- <SYSTEM32>\plscd.exe
- %HOMEPATH%\Desktop\rbot.exe
- 'jk####le.no-ip.biz':6667
- DNS ASK jk####le.no-ip.biz
- ClassName: 'Shell_TrayWnd' WindowName: ''