Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] '{C4560D12-CE25-4A2E-A5D4-B5070FCBE282}' = 'csiddll'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] '{C4560D12-CE25-4A2E-A5D4-B5070FCBE282}' = 'tdrle.dll'
- [вводная фраза на странице утрачена; вероятно, «блокирует отображение:»] скрытых файлов
- расширений файлов
- <SYSTEM32>\hhcmd.exe
- <SYSTEM32>\Dofake.exe
- <SYSTEM32>\regsvr32.exe /s <SYSTEM32>\tata_1.dll
- %WINDIR%\explorer.exe
- <SYSTEM32>\regsvr32.exe /s <SYSTEM32>\tdrle.dll
- <SYSTEM32>\rundll32.exe ccy9016.dll , InstallMyDll
- <SYSTEM32>\Dofake.exe
- <SYSTEM32>\tata_1.dll
- <SYSTEM32>\hhcmd.exe
- <SYSTEM32>\ccy9016.dll
- <SYSTEM32>\dllcache\ccy9016.dll
- <SYSTEM32>\tdrle.dll
- <SYSTEM32>\Dofake.exe
- 'www.fy##ppy.cn':80
- www.fy##ppy.cn: hxxp://www.fyhappy[.]cn/OemWpsSetup20.98.exe
- DNS ASK www.fy##ppy.cn
- '<IP-адрес в локальной сети>':1036
- ClassName: 'Proxy Desktop' WindowName: ''