Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\services\Windows Internet Name Service] 'Start' = '00000002'
- '%WINDIR%\TEMP\1445' -u "<SYSTEM32>\config\systemprofile\AppData\Local\Windows Internet Name Service\"
- '<SYSTEM32>\config\systemprofile\AppData\Local\Windows Internet Name Service\wins.exe'
- '<SYSTEM32>\config\systemprofile\AppData\Local\Windows Internet Name Service\wins.exe' /Service
- %WINDIR%\Temp\1445
- %WINDIR%\Temp\1566.bat
- <SYSTEM32>\config\systemprofile\AppData\Local\Windows Internet Name Service\wins.exe
- <SYSTEM32>\config\systemprofile\AppData\Local\Windows Internet Name Service\queries-02.cache
- %WINDIR%\Temp\1445
- DNS ASK dn#.##ftncsi.com
- DNS ASK www.hy###get.com
- DNS ASK www.hy###setup.com
- DNS ASK www.hy###put.com
- ClassName: 'Shell_TrayWnd' WindowName: ''