Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\6to4\Parameters] 'ServiceDll' = '<SYSTEM32>\NtUserEx.dll'
- [<HKLM>\SYSTEM\ControlSet001\Services\6to4] 'ImagePath' = '<SYSTEM32>\svchost.exe -k netsvcs'
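- [<HKLM>\SYSTEM\ControlSet001\Services\6to4] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы; вместе с 'ImagePath' и 'ServiceDll' это означает, что библиотека NtUserEx.dll загружается процессом svchost.exe как служба 6to4)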
- '<SYSTEM32>\net1.exe' start 6to4
- '<SYSTEM32>\net.exe' start 6to4
- '<SYSTEM32>\rundll32.exe' "%APPDATA%\dat2.tmp", sqlite3_backup_deinit <Полный путь к файлу>
- <SYSTEM32>\NtUserEx.dat
- <SYSTEM32>\NtUserEx.dll
- %APPDATA%\dat1.tmp
- %APPDATA%\dat2.tmp
- %APPDATA%\dat2.tmp
- %APPDATA%\dat1.tmp
- '43.#48.8.29':443