Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'evhuk' = '%HOMEPATH%\evhuk\25898.vbs'
- %HOMEPATH%\Start Menu\Programs\Startup\start.lnk
- скрытых файлов
- '%HOMEPATH%\evhuk\46RpU.exe' 2F8d.WFU
- '%WINDIR%\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe'
- '<SYSTEM32>\wscript.exe' "%HOMEPATH%\evhuk\mYG01Kw471.vbs"
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoFolderOptions' = '00000001'
- %HOMEPATH%\evhuk\9Fvqk.UZP
- %HOMEPATH%\evhuk\56483.cmd
- %HOMEPATH%\evhuk\25898.vbs
- %HOMEPATH%\evhuk\2F8d.WFU
- %HOMEPATH%\evhuk\E024537P.UMS
- %HOMEPATH%\evhuk\46RpU.exe
- %HOMEPATH%\evhuk\mYG01Kw471.vbs
- %HOMEPATH%\Start Menu\Programs\Startup\start.lnk
- %HOMEPATH%\evhuk\9Fvqk.UZP
- %HOMEPATH%\evhuk\56483.cmd
- %HOMEPATH%\evhuk\25898.vbs
- %HOMEPATH%\evhuk\46RpU.exe
- %HOMEPATH%\evhuk\E024537P.UMS
- %HOMEPATH%\evhuk\2F8d.WFU
- %HOMEPATH%\evhuk\mYG01Kw471.vbs
- %HOMEPATH%\Start Menu\Programs\Startup\start.lnk
- 'si####ros.no-ip.biz':1024
- DNS ASK si####ros.no-ip.biz
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'EDIT' WindowName: '(null)'