Техническая информация
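- Автозапуск — создаёт параметр в ключе реестра: [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'winexplorer' = '%APPDATA%\Windows Explorer.exe' (имя маскируется под системный компонент; штатный explorer.exe находится в %WINDIR%, а не в %APPDATA%)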
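- %TEMP%\_mei29442\outlogeer.exe.manifest (здесь и ниже — файлы среды выполнения Python 2.7, распакованные во временный каталог; числовой суффикс каталога _mei, по-видимому, меняется от запуска к запуску, поэтому при поиске следов надёжнее опираться на шаблон %TEMP%\_mei*, а не на точное имя)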
- %TEMP%\_mei29442\_ctypes.pyd
- %TEMP%\_mei29442\_hashlib.pyd
- %TEMP%\_mei29442\_socket.pyd
- %TEMP%\_mei29442\_ssl.pyd
- %TEMP%\_mei29442\bz2.pyd
- %TEMP%\_mei29442\pyexpat.pyd
- %TEMP%\_mei29442\python27.dll
- %TEMP%\_mei29442\pywintypes27.dll
- %TEMP%\_mei29442\select.pyd
- %TEMP%\_mei29442\unicodedata.pyd
- %TEMP%\_mei29442\win32pipe.pyd
- %TEMP%\_mei29442\include\pyconfig.h
- %APPDATA%\windows explorer.exe
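- 'sm##.gmail.com':587 (исходящее TCP-соединение; порт 587 используется для отправки почты по SMTP; символы ## в имени узла, по-видимому, скрыты в источнике)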
- 'sm##.gmail.com':587
- DNS ASK sm##.gmail.com
- '%WINDIR%\syswow64\cmd.exe' /c "reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v winexplorer /t REG_SZ /d "%APPDATA%\Windows Explorer.exe""' (со скрытым окном)
- '%WINDIR%\syswow64\cmd.exe' /c "reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v winexplorer /t REG_SZ /d "%APPDATA%\Windows Explorer.exe""
- '%WINDIR%\syswow64\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v winexplorer /t REG_SZ /d "%APPDATA%\Windows Explorer.exe"