Техническая информация
Записи реестра для автозапуска (COM-объект с указанным CLSID загружается оболочкой Explorer при её запуске):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] 'DCOM Server 37389' = '{2C1CD3D7-86AC-4068-93BC-A02304B37389}'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] '{2C1CD3D7-86AC-4068-93BC-A02304B37389}' = 'DCOM Server 37389'
Командная строка запуска библиотеки через rundll32 (вызывается экспорт run):
- <SYSTEM32>\rundll32.exe "<SYSTEM32>\yztkf.dll",run
Файл библиотеки в системном каталоге:
- <SYSTEM32>\yztkf.dll
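Сетевой адрес и порт (символ '#', по-видимому, скрывает один октет IP-адреса; номер порта совпадает с числом в имени 'DCOM Server 37389' и с окончанием CLSID):
- '66.#.199.96':37389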