Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Intell' = '%TEMP%\sys.exe'
- %HOMEPATH%\Start Menu\Programs\Startup\Intell.exe
- '%CommonProgramFiles%\Microsoft Shared\DW\DW20.EXE' -x -s 948
- '%TEMP%\sys.exe'
- '%TEMP%\32bit Patch build 03.exe'
- <LS_APPDATA>\WindowsFormsApplication8\sys.exe_Url_dyjwudqgi22e0tx0cudjk22iyaqfsnls\1.0.0.0\oslpfz_g.newcfg
- %TEMP%\$inst\16.tmp
- %APPDATA%\Intell
- %TEMP%\295DD.dmp
- %TEMP%\dw.log
- %TEMP%\sys.exe
- %TEMP%\32bit Patch build 03.exe
- %TEMP%\$inst\2.tmp
- %TEMP%\$inst\7.tmp
- %TEMP%\$inst\4.tmp
- <LS_APPDATA>\WindowsFormsApplication8\sys.exe_Url_dyjwudqgi22e0tx0cudjk22iyaqfsnls\1.0.0.0\oslpfz_g.newcfg в <LS_APPDATA>\WindowsFormsApplication8\sys.exe_Url_dyjwudqgi22e0tx0cudjk22iyaqfsnls\1.0.0.0\user.config
- 'ki###.no-ip.biz':333
- DNS ASK ki###.no-ip.biz
- ClassName: 'Shell_TrayWnd' WindowName: ''