Техническая информация
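- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'FvrSON2hTSiWk' = 'control.exe "%PROGRAM_FILES%\XyPy2CkBFg\FvrSON2hTSiWk.cpl",0,1'
  (Примечание: значение в ключе Run ветки HKCU выполняется при каждом входе этого пользователя в систему, то есть эта запись обеспечивает автозапуск .cpl-файла через control.exe.)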
- <SYSTEM32>\msiexec.exe /i "%PROGRAM_FILES%\Downloaded Installers\{F1448F1F-F8ED-47A7-B53A-902D94214AE7}\setup.msi"
- <SYSTEM32>\msiexec.exe /V
- <SYSTEM32>\rundll32.exe Shell32.dll,Control_RunDLL "%PROGRAM_FILES%\XyPy2CkBFg\FvrSON2hTSiWk.cpl",0,1
- <SYSTEM32>\rundll32.exe Shell32.dll,Control_RunDLL ""%TEMP%\FVzcr8jRUJa4u.dll"",0,-9
- <SYSTEM32>\control.exe "%PROGRAM_FILES%\XyPy2CkBFg\FvrSON2hTSiWk.cpl",0,1
- %TEMP%\Tar6.tmp
- %TEMP%\Cab5.tmp
- %TEMP%\Tar4.tmp
- %TEMP%\Cab7.tmp
- %TEMP%\CabB.tmp
- %TEMP%\TarA.tmp
- %TEMP%\Cab9.tmp
- %PROGRAM_FILES%\XyPy2CkBFg\FvrSON2hTSiWk.cpl
- %TEMP%\setup.exe
- %TEMP%\FVzcr8jRUJa4u.dll
- %TEMP%\7zS2.tmp\setup.msi
- %TEMP%\Cab3.tmp
- %TEMP%\25b93.msi
- %TEMP%\7zS2.tmp\setup.exe
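  (Примечание: пути ниже повторяют уже перечисленные выше. Заголовки разделов в этой выдержке утеряны, поэтому по самому тексту нельзя точно определить, какая операция с файлами описана в каждом из двух списков; вероятно, первый список — созданные файлы, второй — удалённые.)
- %TEMP%\Cab9.tmp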
- %TEMP%\Cab7.tmp
- %TEMP%\CabB.tmp
- %TEMP%\TarA.tmp
- %TEMP%\Tar6.tmp
- %TEMP%\Cab3.tmp
- %TEMP%\FVzcr8jRUJa4u.dll
- %TEMP%\Cab5.tmp
- %TEMP%\Tar4.tmp
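- 'www.download.windowsupdate.com':80
- www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
- www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt
- DNS ASK www.download.windowsupdate.com
  (Примечание: authrootstl.cab и authrootseq.txt — файлы механизма автоматического обновления списка доверенных корневых сертификатов Windows. Такие запросы система обычно выполняет сама при проверке цепочки сертификатов, поэтому как самостоятельный индикатор компрометации этот хост и эти URL непригодны.)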
- '<IP-адрес в локальной сети>':1034
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'Indicator' WindowName: ''