Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'abc625431' = '"%PROGRAM_FILES%\%Program Files%\lrass.exe" dhcc.dll rukou'
- %PROGRAM_FILES%\%Program Files%\lrass.exe dhcc.dll rukou2
- <SYSTEM32>\reg.exe add "HKLM\Software\Microsoft\Windows\CurrentVersion\Run" /v abc625431 /t REG_SZ /d """"%PROGRAM_FILES%\%Program Files%\lrass.exe""" dhcc.dll rukou"
- %TEMP%\C6909000.temp
- <Текущая директория>\wjew4ij.bat
- %PROGRAM_FILES%\%Program Files%\lrass.exe
- %TEMP%\194625_x_r_e_s.tmp
- %TEMP%\C6909000.temp
- %TEMP%\194625_x_r_e_s.tmp в %PROGRAM_FILES%\%Program Files%\dhcc.dll
- '<IP-адрес в локальной сети>':800
- ClassName: 'Shell_TrayWnd' WindowName: ''