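Техническая информация
Список приведён без подзаголовков; в нём: записи автозапуска (ключи реестра Run и папка Startup), исключение брандмауэра Windows для %APPDATA%\wininit.exe (запись в реестре и команда netsh), пути к исполняемым и временным файлам, сетевой адрес с портом и DNS-запрос, параметры окна. Файл wininit.exe здесь расположен в %APPDATA%, тогда как системный файл с таким именем находится в <SYSTEM32>; часть имени узла скрыта символами ####.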
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '2fbd2d304ed4971110b89d54cbf115ca' = '"%APPDATA%\wininit.exe" ..'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '2fbd2d304ed4971110b89d54cbf115ca' = '"%APPDATA%\wininit.exe" ..'
- %HOMEPATH%\Start Menu\Programs\Startup\2fbd2d304ed4971110b89d54cbf115ca.exe
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%APPDATA%\wininit.exe' = '%APPDATA%\wininit.exe:*:Enabled:wininit.exe'
- '%APPDATA%\wininit.exe'
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%APPDATA%\wininit.exe" "wininit.exe" ENABLE
- '<SYSTEM32>\cmd.exe'
- '%TEMP%\install_Data.exe'
- <SYSTEM32>\cmd.exe
- %TEMP%\evb4.tmp
- %TEMP%\install_Data.exe
- %APPDATA%\wininit.exe
- %TEMP%\PSE30\c715aec9b11140360b68a96a72178912\php.ini
- %TEMP%\evb2.tmp
- %TEMP%\evb3.tmp
- %TEMP%\evb3.tmp
- %TEMP%\evb2.tmp
- 're####host.ddns.net':1605
- DNS ASK re####host.ddns.net
- ClassName: 'Shell_TrayWnd' WindowName: ''