Техническая информация
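Автозапуск — значение в ключе реестра Run (программа запускается при каждом входе пользователя в систему; имя значения похоже на название штатной службы Windows):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Remote Registry Service' = 'system.exe'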
- '%WINDIR%\system.exe'
- '%WINDIR%\system.exe'
- system.exe
- %WINDIR%\system.exe
- %TEMP%\aut2.tmp
- %TEMP%\aut1.tmp
- %HOMEPATH%\S80K91.VB2
- %WINDIR%\system.exe
- %HOMEPATH%\S80K91.VB2
- %TEMP%\aut2.tmp
- %HOMEPATH%\S80K91.VB2
- %TEMP%\aut1.tmp
- %HOMEPATH%\S80K91.VB2
Сетевая активность (обращение к узлу на порт 6900 и DNS-запрос его имени):
- 'pi##.tra-ms.pw':6900
- DNS ASK pi##.tra-ms.pw