Техническая информация
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = '%APPDATA%\Roaming\FolderName\notepad++.exe'
- '%APPDATA%\Roaming\notepad++ .exe'
- '%APPDATA%\Roaming\tmp.exe'
- '<SYSTEM32>\wscript.exe' "%APPDATA%\Roaming\FolderName\invs.vbs" "%APPDATA%\Roaming\FolderName\mata2.bat"
- %APPDATA%\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\notepad++.exe
- %APPDATA%\Roaming\FolderName\notepad++.bat
- %APPDATA%\Roaming\FolderName\notepad++.exe
- %APPDATA%\Roaming\FolderName\melt.bat
- %APPDATA%\Roaming\97C09787-6498-4B10-8F65-9471D842C55E\run.dat
- %APPDATA%\Roaming\tmp.exe
- %APPDATA%\Roaming\FolderName\rundll11-.txt
- %APPDATA%\Roaming\FolderName\mata2.bat
- %APPDATA%\Roaming\FolderName\invs.vbs
- %APPDATA%\Roaming\notepad++ .exe
- %APPDATA%\Roaming\FolderName\mata.bat
- %APPDATA%\Roaming\FolderName\notepad++.bat
- %APPDATA%\Roaming\FolderName\notepad++.exe
- %APPDATA%\Roaming\FolderName\rundll11-.txt
- %APPDATA%\Roaming\FolderName\invs.vbs
- %APPDATA%\Roaming\FolderName\mata2.bat
- %APPDATA%\Roaming\FolderName\mata.bat
- DNS ASK Ub###.mooo.com
- DNS ASK dn#.##ftncsi.com
- DNS ASK Ae###.mooo.com
- ClassName: 'Shell_TrayWnd' WindowName: ''