Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'jintm' = '%HOMEPATH%\jintm\96955.vbs'
- '%HOMEPATH%\jintm\wY.exe' Tkw.KPW
- '%WINDIR%\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe'
- '<SYSTEM32>\wscript.exe' "%HOMEPATH%\jintm\Ioe.vbs"
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
- %TEMP%\%USERNAME%2.txt
- %HOMEPATH%\jintm\96955.vbs
- %APPDATA%\88E6680F\ak.tmp
- %TEMP%\%USERNAME%8
- %TEMP%\%USERNAME%7
- %HOMEPATH%\jintm\31552.cmd
- %HOMEPATH%\jintm\wY.exe
- %HOMEPATH%\jintm\ujKMwX.SQP
- %HOMEPATH%\jintm\Ioe.vbs
- %HOMEPATH%\jintm\ZwPh.UDC
- %HOMEPATH%\jintm\Tkw.KPW
- %HOMEPATH%\jintm\ZwPh.UDC
- %HOMEPATH%\jintm\96955.vbs
- %HOMEPATH%\jintm\31552.cmd
- %HOMEPATH%\jintm\Tkw.KPW
- %HOMEPATH%\jintm\ujKMwX.SQP
- %HOMEPATH%\jintm\wY.exe
- %HOMEPATH%\jintm\Ioe.vbs
- %TEMP%\%USERNAME%8
- %TEMP%\%USERNAME%7
- %TEMP%\%USERNAME%2.txt
- 'dv###.no-ip.biz':999
- DNS ASK dv###.no-ip.biz
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'EDIT' WindowName: '(null)'