Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Csrss.exe' = '%TEMP%\Sys32\comdlg32.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Csrss.exe' = '\Sys32\comdlg32.exe'
- 'C:\Documents\IMServer.exe'
- '%APPDATA%\IMServer.sfx.exe' -p123 -d%APPDATA%
- '<SYSTEM32>\cmd.exe' /c ""%APPDATA%\fu.bat" "
- %TEMP%\Sys32\comdlg32.exe
- %APPDATA%\Imminent\Logs\17-10-2016
- %APPDATA%\Imminent\Path.dat
- C:\Sys32\comdlg32.exe
- %APPDATA%\fu.bat
- %APPDATA%\IMServer.sfx.exe
- C:\Documents\IMServer.exe
- 'ps#####new.no-ip.biz':50500
- DNS ASK ps#####new.no-ip.biz
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''