Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{1NJ6T44U-CT07-4GH3-GTE0-50G6XE0E22NE}] 'StubPath' = '"%APPDATA%\Install\notepad.exe"'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Voip' = '%APPDATA%\Install\notepad.exe'
- '%APPDATA%\Install\notepad.exe'
- '<SYSTEM32>\wbem\wmiadap.exe' /R /T
- %APPDATA%\Install\.Identifier
- %APPDATA%\Install\notepad.exe
- <Текущая директория>\.Identifier
- <SYSTEM32>\PerfStringBackup.TMP
- <SYSTEM32>\wbem\Performance\WmiApRpl.ini
- 'xt.###hewifi.com':3360
- DNS ASK xt.###hewifi.com
- ClassName: 'Indicator' WindowName: ''