Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'NetworkControl' = 'C:\NetworkControl\nc.exe'
- '<SYSTEM32>\taskmgr.exe'
- '<SYSTEM32>\cmd.exe' /c a.bat
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings] 'WarnOnPost' = '00000000'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings] 'WarnonBadCertRecving' = '00000000'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings] 'WarnOnZoneCrossing' = '00000000'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings] 'WarnOnPostRedirect' = '00000000'
- <Текущая директория>\a.bat
- %TEMP%\abc
- C:\NetworkControl\nc.exe
- '85.##4.191.170':80
- 'localhost':1038
- http://85.##4.191.170/inst.php?id######
- ClassName: '' WindowName: 'Windows Task Manager'
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'Button' WindowName: 'Start'
- ClassName: 'Indicator' WindowName: ''