Техническая информация
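- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,"<LS_APPDATA>\E64mkBaN4x\qnp0Nx44TN.exe" -s' (закрепление в системе: Winlogon запускает программы, перечисленные в параметре Userinit, при входе пользователя, поэтому файл, дописанный после штатного userinit.exe, стартует при каждом входе; при проверке сравнивайте значение со штатным, где указан только <SYSTEM32>\userinit.exe)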
- %TEMP%\felly trainer 2.994.exe
- <LS_APPDATA>\e64mkban4x\qnp0nx44tn.exe
- %TEMP%\bwz7y7kpzl.exe
- %TEMP%\cetrainers\cet9939.tmp\cet_trainer.cetrainer
- <LS_APPDATA>\e64mkban4x\qnp0nx44tn.exe
- 'localhost':7530
- '%TEMP%\felly trainer 2.994.exe'
- '%TEMP%\bwz7y7kpzl.exe'