Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] '6cz3mz5' = '%HOMEPATH%\6cz3mz5\23116.vbs'
- '%HOMEPATH%\6cz3mz5\nyupdate.exe' svpt
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%WINDIR%\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe" "RegSvcs.exe" ENABLE
- '<SYSTEM32>\DllHost.exe' /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}
- %APPDATA%\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\start.lnk
- %APPDATA%\Roaming\Microsoft\Windows\Recent\6cz3mz5.lnk
- %APPDATA%\Roaming\Microsoft\Windows\Recent\29-12-12(4).lnk
- %HOMEPATH%\6cz3mz5\run.vbs
- %HOMEPATH%\6cz3mz5\23116.vbs
- %HOMEPATH%\6cz3mz5\67580.cmd
- %HOMEPATH%\6cz3mz5\svpt
- %HOMEPATH%\6cz3mz5\nyupdate.exe
- %HOMEPATH%\6cz3mz5\yjRSsXlRsw.KRZ
- %HOMEPATH%\6cz3mz5\29-12-12(4).jpg
- %HOMEPATH%\6cz3mz5\nCyOeLNoyg.FNZ
- %HOMEPATH%\6cz3mz5\nCyOeLNoyg.FNZ
- %HOMEPATH%\6cz3mz5\23116.vbs
- %HOMEPATH%\6cz3mz5\67580.cmd
- %HOMEPATH%\6cz3mz5\yjRSsXlRsw.KRZ
- %HOMEPATH%\6cz3mz5\nyupdate.exe
- %HOMEPATH%\6cz3mz5\svpt
- %APPDATA%\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\start.lnk
- 'ru####6.no-ip.biz':6667
- DNS ASK dn#.##ftncsi.com
- DNS ASK ru####6.no-ip.biz
- ClassName: 'OleMainThreadWndClass' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'EDIT' WindowName: '(null)'