Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'My App' = '%APPDATA%\hfldr\fgi.exe'
- '<SYSTEM32>\cmd.exe' /c REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "My App" /t REG_SZ /F /D "%appdata%\hfldr\fgi.exe"
- '<SYSTEM32>\reg.exe' ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "My App" /t REG_SZ /F /D "%APPDATA%\hfldr\fgi.exe"
- '<SYSTEM32>\cmd.exe' /c start https://www.ne##ux.com/m/r/?vl#################################
- '<SYSTEM32>\cmd.exe' /c COPY NeoBux.exe "%appdata%\hfldr\fgi.exe"
- '<SYSTEM32>\cmd.exe' /c MD "%appdata%\hfldr"
- '<SYSTEM32>\cmd.exe' /c attrib +h "%appdata%\hfldr"
- '<SYSTEM32>\attrib.exe' +h "%APPDATA%\hfldr"
- %APPDATA%\hfldr\ID.txt
- 'www.ne##ux.com':443
- 'localhost':1037
- DNS ASK www.ne##ux.com
- ClassName: 'IEFrame' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'ConsoleWindowClass' WindowName: ''
- ClassName: 'Indicator' WindowName: ''
- ClassName: '' WindowName: ''