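Техническая информация
Заголовки разделов в этой выдержке не сохранились. Ниже по порядку перечислены: запись в ключе реестра Run текущего пользователя (автозапуск ResEdit.exe при входе в систему), пути к файлам и командная строка cmd.exe, сетевые узлы (порт 80), адреса запросов, DNS-запросы и класс окна. Символы «#» в доменных именах — маскировка части имени в источнике. Поэтому при поиске в журналах DNS и прокси сопоставляйте видимые начало и конец имени, а не точную строку.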
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'ResEdit' = '<LS_APPDATA>\Resds\ResEdit.exe'
- <LS_APPDATA>\Resds\ResEdit.exe
- <SYSTEM32>\cmd.exe /c ""<Текущая директория>\r.bat" "
- <Текущая директория>\r.bat
- <LS_APPDATA>\Resds\ResEdit.exe
- 're#####ewmacbook.org':80
- 'ma#####retinanew.org':80
- '83#####hr4h84h72.org':80
- 're#####acbooknew.org':80
- re#####ewmacbook.org/
- ma#####retinanew.org/
- 83#####hr4h84h72.org/
- re#####acbooknew.org/
- DNS ASK re#####ewmacbook.org
- DNS ASK ma#####retinanew.org
- DNS ASK 83#####hr4h84h72.org
- DNS ASK re#####acbooknew.org
- ClassName: 'Indicator' WindowName: ''