Техническая информация
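- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'clcas' = '<SYSTEM32>\cll.exe' (значение в ключе Run текущего пользователя: указанный файл запускается при каждом входе этого пользователя в систему)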
- '%WINDIR%\cll.exe'
- '<SYSTEM32>\find.exe' "Reply from"
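- '<SYSTEM32>\sc.exe' stop sharedaccess (остановка службы SharedAccess; в Windows XP/2003 это служба брандмауэра Windows и общего доступа к подключению Интернета)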
- '<SYSTEM32>\ftp.exe' -s:ftp.txt
- '<SYSTEM32>\ping.exe' www.16#.com
- '<SYSTEM32>\wscript.exe' "%WINDIR%\3.vbs"
- '<SYSTEM32>\wscript.exe' "%WINDIR%\1.vbs"
- '%WINDIR%\regedit.exe' /s cll.reg
- %WINDIR%\cll.bat
- <SYSTEM32>\cll.exe
- %WINDIR%\snow.txt
- %WINDIR%\1.vbs
- %WINDIR%\cll.reg
- %WINDIR%\3.bat
- %WINDIR%\cll.exe
- %WINDIR%\3.vbs
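- %WINDIR%\3.vbs (этот и следующий путь уже перечислены выше; по-видимому, здесь начинается отдельный список, заголовок которого утрачен, — какое действие над файлами он описывает, по странице установить нельзя)
- %WINDIR%\cll.reg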
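- DNS ASK www.16#.com (DNS-запрос; символ «#» в имени домена, по-видимому, маска, скрывающая часть адреса, — полное имя на странице не приведено)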
- ClassName: 'RegEdit_RegEdit' WindowName: '(null)'
- ClassName: 'Indicator' WindowName: '(null)'
- ClassName: 'EDIT' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'