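Техническая информация
Подзаголовки разделов в этой выгрузке не сохранились, поэтому одни и те же пути повторяются в нескольких списках подряд. По содержанию записи ниже охватывают: значение автозапуска в ключе Run, параметр DisableNotifications в политике брандмауэра Windows, командные строки reg.exe и cmd.exe, списки файлов в %APPDATA% и %TEMP%, сетевой узел с портом 1604 и DNS-запрос к нему, а также запись об окне (ClassName/WindowName).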
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'winkey' = '%APPDATA%\winkey.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'DisableNotifications' = '00000001'
- %APPDATA%\winkey.exe
- <SYSTEM32>\reg.exe ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "winkey" /t REG_SZ /d "%APPDATA%\winkey.exe" /f
- <SYSTEM32>\cmd.exe /c """%TEMP%\pJgJg.bat"" "
- %APPDATA%\winkey.txt
- %APPDATA%\winkey.exe
- %TEMP%\pJgJg.txt
- %TEMP%\pJgJg.bat
- %APPDATA%\winkey.exe
- %APPDATA%\winkey.txt
- %TEMP%\pJgJg.bat
- %TEMP%\pJgJg.txt
- '46#######17269.3utilities.com':1604
- DNS ASK 46#######17269.3utilities.com
- ClassName: 'Indicator' WindowName: ''