Техническая информация
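Для обеспечения автозапуска изменяет следующие значения реестра (оба срабатывают при входе пользователя в систему; в параметре Userinit штатный userinit.exe сохранён, а через запятую к нему добавлен %HOMEPATH%\tpf.exe):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'aqhiydi' = '<SYSTEM32>\aqhiydi.exe \u'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,%HOMEPATH%\tpf.exe \s'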
Запускает на исполнение (командные строки процессов):
- '<SYSTEM32>\aqhiydi.exe' \d
- '<SYSTEM32>\ping.exe' 0.0.0.0
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\removeMe0450.bat" "
- %TEMP%\removeMe0450.bat
- <SYSTEM32>\aqhiydi.exe
- %HOMEPATH%\tpf.exe
- %HOMEPATH%\tpf.exe