Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{EAA5AD5A-4577-9633-29C1-1AED30ABAF7D}] 'StubPath' = '<SYSTEM32>:expIorer.exe'
- %HOMEPATH%\My Documents\fominjector.exe
- <SYSTEM32>\pisrvcr.exe
- %WINDIR%\Explorer.EXE
- <SYSTEM32>:expIorer.exe
- %HOMEPATH%\My Documents\fominjector.exe
- <SYSTEM32>\pisrvcr.exe
- <SYSTEM32>\pisrvcr.exe
- 'vo####.shacknet.nu':6112
- 'na##.ath.cx':6112
- DNS ASK vo####.shacknet.nu
- DNS ASK na##.ath.cx
- '<IP-адрес в локальной сети>':1034
- ClassName: 'Shell_TrayWnd' WindowName: ''