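Техническая информация
Примечание: список ниже приведён без подзаголовков разделов. Строки с [<HKLM>…] и [<HKCU>…] — значения реестра в ключах автозапуска (Active Setup\Installed Components и Policies\Explorer\Run); далее идут пути к файлам, вызов attrib.exe с ключом +h (атрибут «скрытый»), сетевой адрес с портом, DNS-запрос и класс окна.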
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{6165S212-N2YH-W6Q3-3TGD-K0886J5661GB}] 'StubPath' = '%WINDIR%\installdll\sys32dll.exe Restart'
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{6165S212-N2YH-W6Q3-3TGD-K0886J5661GB}] 'StubPath' = ''
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run] 'Policies' = ''
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] 'Policies' = ''
- '%WINDIR%\installdll\sys32dll.exe'
- '%TEMP%\afolder\sys-config.exe'
- '<SYSTEM32>\attrib.exe' +h %TEMP%\ztmp
- %WINDIR%\Explorer.EXE
- %APPDATA%\%USERNAME%log.dat
- %TEMP%\%USERNAME%2.txt
- %TEMP%\%USERNAME%8
- %TEMP%\%USERNAME%7
- %TEMP%\ztmp\tmp6711.bat
- %TEMP%\afolder\sys-config.exe
- %WINDIR%\installdll\sys32dll.exe
- %TEMP%\ztmp\tmp6760.exe
- %APPDATA%\%USERNAME%log.dat
- %WINDIR%\installdll\sys32dll.exe
- %TEMP%\%USERNAME%8
- %TEMP%\%USERNAME%7
- %TEMP%\%USERNAME%2.txt
- %TEMP%\afolder\sys-config.exe
- %TEMP%\ztmp\tmp6760.exe
- 'az#####r33.no-ip.biz':1600
- DNS ASK az#####r33.no-ip.biz
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'