Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\RemoteABCServer] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы)
- '%WINDIR%\RemoteAbc.exe'
- 'C:\Start.exe'
- 'C:\RServer.exe'
- '<SYSTEM32>\cmd.exe' /c %TEMP%\1255.bat
- %WINDIR%\RemoteAbc.exe
- %TEMP%\1255.bat
- %TEMP%\~2.bat
- C:\RServer.exe
- C:\Start.exe
- %TEMP%\~2.bat
- C:\RServer.exe
- 'lf###.3322.org':8888
- DNS ASK lf###.3322.org
- ClassName: 'Shell_TrayWnd' WindowName: '' (Shell_TrayWnd — класс окна панели задач Windows)