Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '30d229b8ed858274c48022bbb8f91406' = '"%TEMP%\kekw.exe" ..'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '30d229b8ed858274c48022bbb8f91406' = '"%TEMP%\kekw.exe" ..'
- %APPDATA%\microsoft\windows\start menu\programs\startup\30d229b8ed858274c48022bbb8f91406.exe
- %TEMP%\kekw.exe
- %APPDATA%\microsoft\windows\start menu\programs\startup\30d229b8ed858274c48022bbb8f91406.exe
- %TEMP%\kekw.exe
- 'im#####crack.gotdns.ch':1505
- DNS ASK im#####crack.gotdns.ch
- '%TEMP%\kekw.exe'
- '%WINDIR%\syswow64\cmd.exe' /k ping 0 & del "%TEMP%\kekw.exe" & exit (со скрытым окном)
- '%WINDIR%\syswow64\cmd.exe' /k ping 0 & del "%TEMP%\kekw.exe" & exit
- '%WINDIR%\syswow64\ping.exe' 0