Техническая информация
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'run' = 'rdpclipmng.exe'
- '<SYSTEM32>\rdpclipmng.exe' MLT <SYSTEM32>
- %WINDIR%\Explorer.EXE
- %TEMP%\ezaqhpxfjmhib.txt
- <SYSTEM32>\adsnt32.dll
- <SYSTEM32>\rdpclipmng.exe
- 'po##.##.us.liquified.net':6669
- 'cr#####.oh.us.liquified.net':7000
- 'bo##.#emonics.net':6667
- 'ir#.##monics.net':6668
- DNS ASK po##.##.us.liquified.net
- DNS ASK cr#####.oh.us.liquified.net
- DNS ASK bo##.#emonics.net
- DNS ASK ir#.##monics.net
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'