Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'GTVUX' = '%HOMEPATH%\GTVUX\start.vbs' (автозапуск: запись в RunOnce выполняется при следующем входе этого пользователя в систему)
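- '%HOMEPATH%\GTVUX\Autoit3.497788.exe' XWSKINYQ.dat (файл .dat передан исполняемому файлу как аргумент командной строки; судя по имени, это, вероятно, интерпретатор AutoIt, а .dat — его сценарий)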
- '%HOMEPATH%\GTVUX\Autoit3.497788.exe' 763122.dat
- '%WINDIR%\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe'
- '<SYSTEM32>\wermgr.exe' -queuereporting
- '<SYSTEM32>\taskkill.exe' /IM mshta.exe
- '<SYSTEM32>\WScript.exe' "%HOMEPATH%\GTVUX\run.vbs"
- '<SYSTEM32>\mshta.exe'
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
- %HOMEPATH%\GTVUX\XWSKINYQ.dat
- %HOMEPATH%\GTVUX\run.vbs
- %HOMEPATH%\disable.txt
- %HOMEPATH%\GTVUX\start.vbs
- %HOMEPATH%\GTVUX\start.cmd
- %HOMEPATH%\GTVUX\143883.dat
- %HOMEPATH%\GTVUX\763122.dat
- %HOMEPATH%\GTVUX\63586.dat
- %HOMEPATH%\GTVUX\settings.ini
- %HOMEPATH%\GTVUX\Autoit3.497788.exe
- %HOMEPATH%\GTVUX\Autoit3.497788.exe
- %HOMEPATH%\GTVUX\settings.ini
- %HOMEPATH%\GTVUX\run.vbs
- %HOMEPATH%\GTVUX\763122.dat
- %HOMEPATH%\GTVUX\143883.dat
- %HOMEPATH%\GTVUX\63586.dat
- %HOMEPATH%\GTVUX\XWSKINYQ.dat
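- 'ca###.no-ip.biz':3081 (сетевое подключение; no-ip.biz — домен службы динамического DNS, часть имени узла скрыта символами #)
- 'ca###.no-ip.biz':3080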
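- DNS ASK dn#.##ftncsi.com (имя частично скрыто; по шаблону похоже на dns.msftncsi.com — штатную проверку сетевого подключения Windows, поэтому сам по себе этот запрос, вероятно, не является индикатором заражения)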
- DNS ASK ca###.no-ip.biz
- ClassName: 'Indicator' WindowName: '(null)'
- ClassName: '(null)' WindowName: '(null)'
- ClassName: 'EDIT' WindowName: '(null)'