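Техническая информация
Примечание: символы «#» в сетевых адресах и именах узлов ниже, по всей видимости, являются маскировкой, а не частью самих значений, поэтому такие строки нельзя использовать как точные индикаторы. Подзаголовки разделов в этом тексте отсутствуют; повторяющиеся пути (например, %TEMP%\autD613.tmp) могут относиться к разным действиям, и это следует сверять с первоисточником.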
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'winmgr' = '%APPDATA%\Roaming\winmgr.exe'
- '%APPDATA%\Roaming\winmgr.exe' /AutoIt3ExecuteScript "%TEMP%\891922" "%APPDATA%\Roaming\winmgr.exe"
- '%APPDATA%\Roaming\winmgr.exe'
- '%WINDIR%\Microsoft.NET\Framework\v4.0.30319\vbc.exe'
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\vbc.exe
- %TEMP%\71588
- %TEMP%\autD613.tmp
- %APPDATA%\Roaming\winmgr.exe
- %TEMP%\891922
- %TEMP%\autD6D0.tmp
- %TEMP%\autD671.tmp
- %TEMP%\431566
- %TEMP%\autB654.tmp
- %TEMP%\412186
- %TEMP%\autB5F5.tmp
- %TEMP%\incl2
- %TEMP%\autB6A3.tmp
- %TEMP%\incl1
- %TEMP%\autD613.tmp
- %TEMP%\autD671.tmp
- %TEMP%\autD6D0.tmp
- %TEMP%\autB5F5.tmp
- %TEMP%\autB654.tmp
- %TEMP%\autB6A3.tmp
- '25#.#55.255.255':12345
- DNS ASK dn#.##ftncsi.com
- DNS ASK ni#####reshit.ddns.net
- ClassName: 'Indicator' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''