Техническая информация
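Автозапуск — запись в ключе реестра Run текущего пользователя (параметр назван 'rundll32'; файл 2WB.tmp загружается через rundll32.exe как DLL с вызовом экспорта RunServer):
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'rundll32' = 'rundll32.exe %ALLUSERSPROFILE%\Application Data\2WB.tmp,RunServer'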
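Запуск процессов (заголовок раздела на странице не сохранился; судя по формату записей, это командные строки):
- '%ALLUSERSPROFILE%\Application Data\documents.exe'
- '<SYSTEM32>\rundll32.exe'
- '<SYSTEM32>\rundll32.exe' %ALLUSERSPROFILE%\Application Data\2WB.tmp,RunServer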
Файлы в каталоге %ALLUSERSPROFILE%\Application Data (по странице нельзя определить, какие из них создаются, а какие удаляются):
- %ALLUSERSPROFILE%\Application Data\vd_rundll32.exe191468.txt
- %ALLUSERSPROFILE%\Application Data\vd_rundll32.exe193031.txt
- %ALLUSERSPROFILE%\Application Data\documents.exe
- %ALLUSERSPROFILE%\Application Data\2WB.tmp
- %ALLUSERSPROFILE%\Application Data\1C7.tmp
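Сетевое подключение (порт 443; часть цифр адреса заменена символами '#', поэтому запись не является точным индикатором и годится только для сопоставления по маске):
- '21#.#0.50.56':443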
Окна (класс и заголовок; по странице не видно, ищет ли образец эти окна или создаёт их):
- ClassName: 'Indicator' WindowName: '(null)'
- ClassName: 'MS_AutodialMonitor' WindowName: '(null)'
- ClassName: 'MS_WebcheckMonitor' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'DROPPER' WindowName: 'DROPPER'
- ClassName: 'EDIT' WindowName: '(null)'