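Техническая информация
Обозначения: <HKLM> — раздел реестра HKEY_LOCAL_MACHINE, <SYSTEM32> — системный каталог Windows, <Полный путь к файлу> — путь к исходному файлу образца; символы ##### скрывают часть имени домена. Ниже по порядку перечислены значения реестра, запускаемые команды, пути к файлам в системном каталоге и сетевые обращения.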
- [<HKLM>\SYSTEM\ControlSet001\Services\Spooler] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\WinServerViewg] 'ImagePath' = '<SYSTEM32>\sys_temtrayg.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\WinServerViewg] 'Start' = '00000002'
- '<SYSTEM32>\net.exe' start WinServerViewg
- '<SYSTEM32>\net1.exe' start WinServerViewg
- '<SYSTEM32>\sys_temtrayg.exe'
- '<SYSTEM32>\cmd.exe' /c net start WinServerViewg
- '<SYSTEM32>\cmd.exe' /c sc create WinServerViewg binpath= "<SYSTEM32>\sys_temtrayg.exe" type= share start= auto displayname= "systemtrayg" depend= RPCSS/Tcpip/IPSec
- '<SYSTEM32>\sc.exe' create WinServerViewg binpath= "<SYSTEM32>\sys_temtrayg.exe" type= share start= auto displayname= "systemtrayg" depend= RPCSS/Tcpip/IPSec
- '<SYSTEM32>\cmd.exe' /c copy "<Полный путь к файлу>" "<SYSTEM32>\sys_temtrayg.exe"
- <SYSTEM32>\spoolsv.exe
- <SYSTEM32>\sys_temtraygkaba.sub
- <SYSTEM32>\hz_sys_temtrayg.dll
- <SYSTEM32>\sys_temtrayg.txt
- <SYSTEM32>\sys_temtrayg.jpg
- <SYSTEM32>\sys_temtrayg.exe
- <SYSTEM32>\sys_temtrayg.ini
- <SYSTEM32>\hz_sys_temtrayg.dat
- <SYSTEM32>\keyHook.dll
- <SYSTEM32>\sys_temtrayg.exe
- <SYSTEM32>\sys_temtrayg.ini
- <SYSTEM32>\hz_sys_temtrayg.dat
- 'qq#####5582.3322.org':8760
- DNS ASK qq#####5582.3322.org