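Техническая информация
Ниже перечислены следы активности образца; заголовки подразделов в этом фрагменте не сохранились, поэтому повторяющиеся записи (например, %TEMP%\~1.bat) могут относиться к разным подразделам. Имена доменов частично скрыты символами «#». Для обнаружения полезны: параметр автозапуска 'Activation' в ключе Run, указывающий на %WINDIR%\Activation.exe, и запуск ping.exe с параметрами -n 10 -l 65500 (10 эхо-запросов с полезной нагрузкой 65500 байт — нетипичный для обычной диагностики размер).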
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Activation' = '%WINDIR%\Activation.exe'
- '%WINDIR%\Activation.exe'
- '<SYSTEM32>\ping.exe' www.ij##cs.info -n 10 -l 65500
- '<SYSTEM32>\ping.exe' www.ij##e.org -n 10 -l 65500
- '<SYSTEM32>\ping.exe' www.ke##pub.com -n 10 -l 65500
- '<SYSTEM32>\ping.exe' www.en####urnals.com -n 10 -l 65500
- '<SYSTEM32>\reg.exe' ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "Activation" /t REG_SZ /d "%WINDIR%\Activation.exe" /f
- '<SYSTEM32>\ping.exe' www.ij##st.com -n 10 -l 65500
- '<SYSTEM32>\ping.exe' www.ij##t.info -n 10 -l 65500
- %TEMP%\~1.bat
- %WINDIR%\Activation.exe
- %TEMP%\~1.bat
- DNS ASK www.ij##cs.info
- DNS ASK www.ij##e.org
- DNS ASK www.ke##pub.com
- DNS ASK www.ij##st.com
- DNS ASK www.ij##t.info
- DNS ASK www.en####urnals.com
- ClassName: 'Indicator' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'EDIT' WindowName: '(null)'