Техническая информация
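- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WinDrvs' = '%TEMP%\wininit.exe' (запись в ключе автозапуска Run: указанный файл запускается при каждом входе текущего пользователя в систему; легитимный системный wininit.exe расположен в <SYSTEM32>, а не в %TEMP%)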
- C:\start.exe
- %TEMP%\wininit.exe
- C:\gavno.bat
- C:\start2.exe
- 'ki####gl.beget.tech':443
- 'wp#d':80
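- http://11#.#11.111.1/wpad.dat via wp#d (wpad.dat — файл автонастройки прокси, WPAD; такой запрос обычно инициируется системным механизмом автообнаружения прокси, поэтому его стоит оценивать отдельно от обращения к ki####gl.beget.tech)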
- DNS ASK ki####gl.beget.tech
- DNS ASK wp#d
- ClassName: 'EDIT' WindowName: ''
- 'C:\start.exe'
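- 'C:\start2.exe' -p123 -dc:\ (параметры похожи на ключи самораспаковывающегося архива: -p — пароль, -d — каталог распаковки; самим листингом это не подтверждается)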
- '<SYSTEM32>\cmd.exe' /c ""c:\gavno.bat" "