Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'F1' = '%TEMP%\wininit.exe'
- '%TEMP%\nTOPNSEKRhJIYORIhKpnVKeULZjSSFFgoCdxcBSe.exe'
- '%TEMP%\nTOPNSEKRhJIYORIhKpnVKeULZjSSFFgoCdxcBSe.exe' (загружен из сети Интернет)
- %TEMP%\wininit.exe
- %TEMP%\nTOPNSEKRhJIYORIhKpnVKeULZjSSFFgoCdxcBSe.exe
- %TEMP%\nTOPNSEKRhJIYORIhKpnVKeULZjSSFFgoCdxcBSe.exe
- 'fs####.sendspace.com':80
- 'wp#d':80
- fs####.sendspace.com/dl/1c6bde802f1f969bd9d07c94ddb9b8c0/51fd581b4e1cd022/0wg470/PortUnlockv1.1.exe
- wp#d/wpad.dat
- DNS ASK fs####.sendspace.com
- DNS ASK wp#d
- ClassName: 'Indicator' WindowName: '(null)'