Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'svchost.exe' = '%HOMEPATH%\Documents\System\cmd.exe'
- [<HKLM>\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] 'UserInit' = '<SYSTEM32>\userinit.exe,%HOMEPATH%\Documents\System\cmd.exe'
- %HOMEPATH%\desktop\cheatnextrpnew.exe
- %WINDIR%\cheatnew.sfx.exe
- %WINDIR%\13.bat
- %TEMP%\cheatnew.exe
- %HOMEPATH%\documents\system\cmd.exe
- %HOMEPATH%\documents\system\cmd.exe
- '82.##2.167.182':1620
- ClassName: 'EDIT' WindowName: ''
- '%HOMEPATH%\desktop\cheatnextrpnew.exe'
- '%WINDIR%\cheatnew.sfx.exe' -p1234 d%LOCALAPPDATA%\Temp
- '%TEMP%\cheatnew.exe'
- '%HOMEPATH%\documents\system\cmd.exe'
- '%WINDIR%\syswow64\cmd.exe' /c ""%WINDIR%\13.bat" "