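Техническая информация
Заголовки подразделов в этой копии отчёта утрачены: судя по содержимому, сначала идут запускаемые процессы с аргументами командной строки, затем пути к файлам, затем сетевая активность (соединения, HTTP-запросы, DNS-запросы) и поиск окна. Повторяющиеся пути, вероятно, относятся к разным подразделам исходного отчёта. Символы «#» в доменных именах и URL, по-видимому, маскируют часть значения, поэтому эти строки нельзя использовать как точные индикаторы. Закрепление в системе видно по вызову schtasks.exe: задача winregis запускает %APPDATA%\winregis.exe при входе пользователя с наивысшими правами.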
- '%APPDATA%\Windows Loader\Windows Activator.exe'
- '%APPDATA%\winregis.exe'
- '<SYSTEM32>\wbem\wmiadap.exe' /R /T
- '<SYSTEM32>\mode.com' con cols=80 lines=22
- '<SYSTEM32>\findstr.exe' /I /C:"REG_EXPAND_SZ"
- '<SYSTEM32>\reg.exe' query "HKEY_USERS\S-1-5-19\Environment" /v TEMP
- '<SYSTEM32>\cmd.exe' /c ""%APPDATA%\winuptstart.bat" "
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\1.tmp\KMSAutoEasyRU-EN.cmd" "%APPDATA%\Windows Loader\""
- '<SYSTEM32>\schtasks.exe' /create /sc onlogon /f /tn winregis /rl highest /tr "%APPDATA%\winregis.exe"
- '<SYSTEM32>\chcp.com' 866
- %TEMP%\1.tmp\tap-windows.exe
- %TEMP%\1.tmp\KMSAutoEasyRU-EN.cmd
- %TEMP%\1.tmp\TunMirror.exe
- %APPDATA%\regiscom.tmp
- %TEMP%\1.tmp\KMSServerService.exe
- %TEMP%\$inst\temp_0.tmp
- %TEMP%\$inst\2.tmp
- %APPDATA%\winregis.exe
- %APPDATA%\winuptstart.bat
- %APPDATA%\Windows Loader\Windows Activator.exe
- %APPDATA%\winregis.exe
- %APPDATA%\winuptstart.bat
- <SYSTEM32>\wbem\Performance\WmiApRpl.ini
- <SYSTEM32>\PerfStringBackup.TMP
- %TEMP%\$inst\temp_0.tmp
- %TEMP%\$inst\2.tmp
- 'fe###wns.com':80
- 'wh##.amung.us':80
- fe###wns.com/adminler.php?os##################################################################
- wh##.amung.us/pingjs/?k=########
- DNS ASK fe###wns.com
- DNS ASK wh##.amung.us
- ClassName: 'Shell_TrayWnd' WindowName: ''