Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Proxy' = '%APPDATA%\Proxy.exe'
- '<SYSTEM32>\wscript.exe' "C:\Proxy.vbs"
- '<SYSTEM32>\cmd.exe' /c C:\Start.bat
- %TEMP%\enviadedemail.tmp
- C:\Conf.txt
- <DRIVERS>\etc\hostsj
- C:\Proxy.vbs
- C:\Start.bat
- %APPDATA%\Proxy.exe
- %APPDATA%\Proxy.exe
- <DRIVERS>\etc\hosts
- C:\Conf.txt
- C:\Proxy.vbs
- C:\Start.bat
- '17#.#08.186.85':80
- 'localhost':1039
- 'www.vp##eno.com':80
- 17#.#08.186.85/eula.txt
- www.vp##eno.com/joomla/images/noti.php?pc#############
- DNS ASK www.vp##eno.com
- ClassName: 'MS_WINHELP' WindowName: ''
- ClassName: 'Indicator' WindowName: ''