Техническая информация
- %ALLUSERSPROFILE%\Start Menu\Programs\Startup\Network Server.lnk
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%APPDATA%\comct\KLClientApp.exe' = '%APPDATA%\comct\KLClientApp.exe:*:...
- '<SYSTEM32>\wscript.exe' "%APPDATA%\comct\injector.vbs"
- '%APPDATA%\comct\KLClientApp.exe'
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%APPDATA%\comct\KLClientApp.exe" "Edge DNS" ENABLE
- '<SYSTEM32>\netsh.exe' advfirewall firewall add rule name="Edge DNS" dir=in action=allow program="%APPDATA%\comct\KLClientApp.exe"
- %APPDATA%\comct\injector.vbs
- %APPDATA%\comct\vp8encoder.dll
- %APPDATA%\comct\KLClientApp.exe
- %TEMP%\nsy2.tmp
- %TEMP%\nse3.tmp\System.dll
- %APPDATA%\comct\vp8encoder.dll
- %APPDATA%\comct\KLClientApp.exe
- %APPDATA%\comct\injector.vbs
- %TEMP%\nse3.tmp\System.dll
- 'rm#####ver.tektonit.ru':563
- 'rm#####ver.tektonit.ru':5655
- 'rm##sys.ru':80
- http://rm##sys.ru/utils/inet_id_notify.php?te####
- DNS ASK rm#####ver.tektonit.ru
- DNS ASK rm##sys.ru
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: '' WindowName: 'Windows Security Alert'
- ClassName: '' WindowName: 'Оповещение системы безопасности Windows'