Техническая информация
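Запись в реестре, обеспечивающая автозапуск (объекты, перечисленные в ключе ShellServiceObjectDelayLoad, по их CLSID загружает оболочка Explorer при старте):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] 'Endescpy' = '{FEFD603E-5C94-44FD-A15D-E98351A0E79E}'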
- <SYSTEM32>\minorwiz.dll
- <SYSTEM32>\gifihlog.dll
- %TEMP%\_is129109.ini
- %TEMP%\_is127718.ini
- <SYSTEM32>\serodmin.dll
- %TEMP%\UUU2.tmp
- %TEMP%\UUU1.tmp
- %TEMP%\UUU3.tmp
- <SYSTEM32>\keyovpop32.dll
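Далее те же временные файлы перечислены повторно — по-видимому, это отдельный список, заголовок которого на странице не сохранился:
- %TEMP%\_is127718.ini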
- %TEMP%\_is129109.ini
- %TEMP%\UUU3.tmp
- %TEMP%\UUU1.tmp
- %TEMP%\UUU2.tmp