Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{06MIJG0H-3JG8-341U-1AI6-3G8XT24U635N}] 'StubPath' = '<SYSTEM32>\InstallDir\parfeu.exe restart'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'HKCU' = '<SYSTEM32>\InstallDir\parfeu.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'HKLM' = '<SYSTEM32>\InstallDir\parfeu.exe'
- '%ProgramFiles%\Internet Explorer\IEXPLORE.EXE'
- %APPDATA%\Microsoft\Windows\YSaEmMw.dat
- <SYSTEM32>\InstallDir\parfeu.exe
- %APPDATA%\Microsoft\Windows\YSaEmMw.cfg
- %APPDATA%\Microsoft\Windows\YSaEmMw.dat
- <SYSTEM32>\InstallDir\parfeu.exe
- %APPDATA%\Microsoft\Windows\YSaEmMw.cfg
- 'fl#####shi.no-ip.biz':7412
- 'in###.hopto.org':7412
- 'localhost':1038
- DNS ASK fl#####shi.no-ip.biz
- DNS ASK in###.hopto.org
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'Indicator' WindowName: ''