Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] 'MbWzdFPAPEXL' = '%WINDIR%\sysconf.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'MbWzdFPAPEXL' = '%WINDIR%\sysconf.exe'
- %ALLUSERSPROFILE%\Start Menu\Programs\Startup\Explorer.lnk
- <SYSTEM32>\sysconf.exe
- <SYSTEM32>\rsmsink.exe -Embedding
- <SYSTEM32>\sysconf.exe
- %WINDIR%\sysconf.exe
- <SYSTEM32>\NtmsData\NTMSJRNL
- <SYSTEM32>\NtmsData\NTMSDATA
- <SYSTEM32>\NtmsData\NTMSDATA.BAK
- <SYSTEM32>\NtmsData\NTMSIDX
- <SYSTEM32>\NtmsData\NTMSREG
- <SYSTEM32>\NtmsData\NTMSJRNL