Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'ARC' = '"%TEMP%\tempalbert\uber.exe"'
- %TEMP%\UberBot.exe
- %TEMP%\tempalbert\uber.exe
- %TEMP%\tempalbert\UberBot.exe
- %TEMP%\0001C994
- %TEMP%\0002876D
- %TEMP%\uber.exe
- %TEMP%\uber.exe
- %TEMP%\UberBot.exe
- %TEMP%\0001C994
- %TEMP%\0002876D
- 'go###.no-ip.com':75
- DNS ASK go###.no-ip.com
- ClassName: 'Shell_TrayWnd' WindowName: ''