Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'nUp' = '"%TEMP%\nup.exe"'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'nUp' = '"%TEMP%\nup.exe" @..'
- Средство контроля пользовательских учетных записей (UAC)
- '%TEMP%\nup.exe' @MTL:<Текущая директория>
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "C:\Documents and Settings\URNX"nup.exe"MAV\LOCALS~1\Temp\nup.exe" "nup.exe" ENABLE
- %TEMP%\nup.exe
- 've####m.no-ip.biz':7
- 'ac#######rvices.passport.net':80
- ac#######rvices.passport.net/pp1100/memberexists.srf?x=#############
- DNS ASK vE####m.nO-Ip.bIz
- DNS ASK ac#######rvices.passport.net
- ClassName: 'Indicator' WindowName: ''