Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'dx' = '%APPDATA%\dx\dxdiag9.exe'
- <SYSTEM32>\cmd.exe /c ""%APPDATA%\nt.bat" "
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\fifo.log
- %APPDATA%\nt.bat
- %APPDATA%\dx\dxdiag9.exe
- 'sy###.onwafflez.org':6667
- DNS ASK sy###.onwafflez.org
- ClassName: 'Shell_TrayWnd' WindowName: ''