Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'sys32update' = '%APPDATA%\Roaming\TAyEfOQK.exe'
- '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\vbc.exe'
- '<SYSTEM32>\reg.exe' add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /f /v "sys32update" /t REG_SZ /d "%APPDATA%\Roaming\TAyEfOQK.exe"
- '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\csc.exe' /noconfig /fullpaths @"%TEMP%\m42qedao.cmdline"
- '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RESA737.tmp" "%TEMP%\CSCA707.tmp"
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\vbc.exe
- %TEMP%\RESA737.tmp
- %TEMP%\m42qedao.dll
- %APPDATA%\Roaming\TAyEfOQK.exe
- %TEMP%\CSCA707.tmp
- %TEMP%\tmp6EF7.tmp.txt
- %TEMP%\m42qedao.cmdline
- %TEMP%\m42qedao.out
- %TEMP%\m42qedao.dll
- %TEMP%\m42qedao.out
- %TEMP%\tmp6EF7.tmp.txt
- %TEMP%\RESA737.tmp
- %TEMP%\CSCA707.tmp
- %TEMP%\m42qedao.cmdline
- DNS ASK dn#.##ftncsi.com
- DNS ASK sm###.no-ip.biz
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'Indicator' WindowName: ''