Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\NET Runytime Optidmization ServiNET Runytime Optdimization Service v2.0.50727_X86\Parameters] 'ServiceDll' = '<SYSTEM32>\RamntuC.dll'
- [<HKLM>\SYSTEM\ControlSet001\Services\NET Runytime Optidmization ServiNET Runytime Optdimization Service v2.0.50727_X86] 'ImagePath' = '<SYSTEM32>\svchost.exe -k krnlsrvcy'
- [<HKLM>\SYSTEM\ControlSet001\Services\NET Runytime Optidmization ServiNET Runytime Optdimization Service v2.0.50727_X86] 'Start' = '00000002'
- '<SYSTEM32>\taskkill.exe' /F /IM <Имя файла>.exe
- '<SYSTEM32>\cmd.exe' /c <Полный путь к файлу>.bat
- '<SYSTEM32>\svchost.exe' -k krnlsrvcy
- <SYSTEM32>\svchost.exe
- <Полный путь к файлу>.bat
- %TEMP%\119203_DarkShadow.tmp
- <SYSTEM32>\RamntuC.dll
- из %TEMP%\119203_DarkShadow.tmp в <SYSTEM32>\RamntuC.dll
- 'nb.##tlyy.com':8080 (символы ## недопустимы в DNS-имени — по-видимому, часть домена скрыта в отчёте)
- DNS ASK nb.##tlyy.com
- ClassName: '' WindowName: ''