Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Windows Logon Service' = '%APPDATA%\Roaming\wininit.exe'
- '%APPDATA%\Roaming\wininit.exe' /AutoIt3ExecuteScript "%TEMP%\g" "%APPDATA%\Roaming\wininit.exe"
- '%APPDATA%\Roaming\wininit.exe'
- '%WINDIR%\Microsoft.NET\Framework\v4.0.30319\vbc.exe'
- '<SYSTEM32>\PING.EXE' -n 0127.0.0.1
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\vbc.exe
- %TEMP%\54.bat
- %APPDATA%\Roaming\wininit.exe
- %TEMP%\g
- %TEMP%\autAF05.tmp
- %TEMP%\autAEF4.tmp
- %TEMP%\autAED4.tmp
- %TEMP%\autA6CA.tmp
- %TEMP%\h
- %TEMP%\autA6AA.tmp
- %TEMP%\incl2
- %TEMP%\autA6EA.tmp
- %TEMP%\incl1
- %APPDATA%\Roaming\wininit.exe
- %TEMP%\autAEF4.tmp
- %TEMP%\autAF05.tmp
- %TEMP%\g
- %TEMP%\autAED4.tmp
- %TEMP%\autA6AA.tmp
- %TEMP%\autA6CA.tmp
- %TEMP%\autA6EA.tmp
- '25#.#55.255.255':420
- DNS ASK dn#.##ftncsi.com
- DNS ASK li######inecraft.no-ip.biz
- ClassName: 'Indicator' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''