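Техническая информация
Подзаголовки разделов в этом тексте не сохранились. По содержанию строк ниже видны: записи автозапуска в ключе реестра Run, пути к файлам и командные строки системных утилит (reg.exe, cmd.exe, ipconfig.exe), сетевые адреса с портами и DNS-запрос (часть имени хоста заменена символами #), а также класс окна. Команда reg.exe записывает в ключ Run то же значение 'adobe-u', что указано в первой строке списка. Какие из перечисленных файлов создаются, а какие удаляются, по этому тексту установить нельзя.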
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'adobe-u' = '%APPDATA%\Adobe-u\IE.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'NetWire' = '%PROGRAM_FILES%\Internet Explorer\iexplore.exe'
- %APPDATA%\Adobe-u\IE.exe
- <SYSTEM32>\reg.exe ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "adobe-u" /t REG_SZ /d "%APPDATA%\Adobe-u\IE.exe" /f
- <SYSTEM32>\cmd.exe /c ""%TEMP%\RUJDC.bat" "
- <SYSTEM32>\ipconfig.exe
- <SYSTEM32>\ipconfig.exe
- %TEMP%\RUJDC.txt
- %TEMP%\RUJDC.bat
- %APPDATA%\Adobe-u\IE.exe
- %TEMP%\RUJDC.txt
- %TEMP%\~DFE731.tmp
- 'ho#####ptop.myvnc.com':2600
- 'localhost':3360
- DNS ASK ho#####ptop.myvnc.com
- ClassName: 'Indicator' WindowName: ''