Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'SlideshowFrames' = '%APPDATA%\MediaOptions\SlideshowFrames.exe'
- <SYSTEM32>\wscript.exe "%APPDATA%\MediaOptions\tmp1.vbs" 0
- %WINDIR%\explorer.exe
- %WINDIR%\explorer.exe
- %APPDATA%\MediaOptions\tmp1.vbs
- %APPDATA%\MediaOptions\SlideshowFrames.ram
- %APPDATA%\MediaOptions\tmp1.vbs
- %APPDATA%\MediaOptions\SlideshowFrames.ram в %APPDATA%\MediaOptions\SlideshowFrames.exe
- 'bi#####tcher.no-ip.biz':65300
- DNS ASK bi#####tcher.no-ip.biz
- ClassName: 'Indicator' WindowName: ''