Техническая информация
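- %HOMEPATH%\Start Menu\Programs\Startup\tmp2952.lnk (ярлык в папке автозагрузки пользователя, то есть объект запускается при входе в систему; имя tmp2952, по-видимому, относится к конкретному образцу)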
- <SYSTEM32>\svchost.exe
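- Перечисленные ниже имена классов и заголовки окон относятся к средствам анализа: отладчику OllyDbg (включая, по-видимому, его переименованные сборки) и утилитам Sysinternals Filemon, Process Monitor и Regmon. Вероятно, по этим окнам образец определяет, что его исследуют:
- ClassName: 'OLLYDBG', WindowName: ''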
- ClassName: 'GBDYLLO', WindowName: ''
- ClassName: 'pediy06', WindowName: ''
- ClassName: 'FilemonClass', WindowName: ''
- ClassName: '', WindowName: 'File Monitor - Sysinternals: www.sysinternals.com'
- ClassName: 'PROCMON_WINDOW_CLASS', WindowName: ''
- ClassName: '', WindowName: 'Process Monitor - Sysinternals: www.sysinternals.com'
- ClassName: 'RegmonClass', WindowName: ''
- ClassName: '', WindowName: 'Registry Monitor - Sysinternals: www.sysinternals.com'
- %APPDATA%\{CSIL-XBRL-23IC-EIOB-846T-OPLT}\tmp2952.exe
- %APPDATA%\Microsoft\Windows\RsetaWzXe.cfg
- %APPDATA%\Microsoft\Windows\RsetaWzXe.dat
- %APPDATA%\Microsoft\Windows\RsetaWzXe.cfg
- <Полный путь к файлу>
- %APPDATA%\Microsoft\Windows\RsetaWzXe.dat
- 'localhost':1037
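- 'is####lo.ddns.net':4000 (часть имени узла в источнике скрыта символами #, поэтому для точного сопоставления запись использовать нельзя; ddns.net — домен службы динамического DNS)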
- DNS ASK is####lo.ddns.net
- ClassName: '18467-41' WindowName: ''
- '<Полный путь к файлу>'
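- '<SYSTEM32>\reg.exe' add "HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED" /v EnableBalloonTips /t REG_DWORD /d 0 /f (команда записывает EnableBalloonTips = 0 в раздел текущего пользователя, то есть отключает всплывающие уведомления; запуск reg.exe с такими аргументами пригоден как признак для обнаружения)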
- '<SYSTEM32>\svchost.exe'