Техническая информация
- Автозапуск через раздел реестра Run (запускаемый файл расположен во временном каталоге %TEMP%): [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'KeyMagic' = '"%TEMP%\RarSFX0\KeyMagic.exe" --run'
- '%TEMP%\RarSFX0\HookInput.x32.exe' 10126
- '%TEMP%\RarSFX0\KeyMagic.exe'
- %TEMP%\RarSFX0\HookInput.x64.exe
- %TEMP%\RarSFX0\HookInput.x32.exe
- %TEMP%\RarSFX0\KeyboardLayouts\azawgyi.km2
- %TEMP%\RarSFX0\InputProcessor.x32.dll
- %TEMP%\RarSFX0\KeyMagic.settings
- %TEMP%\RarSFX0\KeyMagic.exe
- %TEMP%\RarSFX0\InputProcessor.x64.dll
- %TEMP%\RarSFX0\KeyboardLayouts\ayarshan.km2
- %TEMP%\RarSFX0\Microsoft.Win32.TaskScheduler.dll
- %TEMP%\RarSFX0\Layouts.xml
- %TEMP%\RarSFX0\KeyMagicDotNet.dll
- %TEMP%\RarSFX0\KeyboardLayouts\ayar.km2
- %TEMP%\RarSFX0\KeyboardLayouts\ayarmon.km2
- %TEMP%\RarSFX0\KeyboardLayouts\ayarkarenni.km2
- %TEMP%\RarSFX0\KeyboardLayouts\ayarkaren.km2
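- Сетевые индикаторы (символ «#» в именах узлов приведён как в источнике; по-видимому, им замаскирована часть имени, поэтому для точного сопоставления эти значения непригодны):
- 'tt#z.me':80
- 'wp#d':80
- wp#d/wpad.dat
- tt#z.me/keymagic/report/report.php
- DNS ASK tt#z.me
- DNS ASK wp#d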
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''