Техническая информация
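Изменение реестра (команда shell\open\command для класса vchat указывает на исполняемый файл в %TEMP%):
- [<HKLM>\SOFTWARE\Classes\vchat\shell\open\command] '' = '"%TEMP%\WinUpdat.exe" %1'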
Запуск процессов (сценарий WinUpdat.vbs выполняется через штатный wscript.exe):
- '%TEMP%\WinUpdat.exe'
- '<SYSTEM32>\wscript.exe' "%TEMP%\WinUpdat.vbs"
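Поиск окон средств анализа (OLLYDBG — класс окна отладчика OllyDbg; GBDYLLO — то же имя, записанное в обратном порядке):
- ClassName: 'pediy06' WindowName: ''
- ClassName: 'GBDYLLO' WindowName: ''
- ClassName: 'OLLYDBG' WindowName: ''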
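Изменения в файловой системе (заголовки подразделов в тексте не сохранились; повторяющиеся ниже пути, по-видимому, относятся к разным подразделам исходного отчёта):
- %TEMP%\WinUpdat.vbs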
- %ALLUSERSPROFILE%\Application Data\LightC\LC.ini
- %ALLUSERSPROFILE%\Application Data\LightC\LCs.dll
- %TEMP%\aut1.tmp
- %TEMP%\WinUpdat.exe
- %TEMP%\aut2.tmp
- %TEMP%\aut2.tmp
- %TEMP%\aut1.tmp
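Сетевая активность (символы # — маскировка в самом отчёте: IP-адрес и URL приведены не полностью и в таком виде не годятся как готовые индикаторы; ge.tt — общедоступный файлообменный сервис, поэтому обращение к домену само по себе не является признаком заражения):
- '20#.#17.211.180':1740
- '20#.#17.211.180':443
- 'ge.tt':80
- ge.tt/api/1/files/9uLDp2r1/0/blob?do######
- DNS ASK ge.tt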
Поиск прочих окон (штатные классы окон Windows; сами по себе индикаторами не являются):
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'msctls_updown32' WindowName: ''