Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\ias] 'Start' = '00000002'
- '%TEMP%\is-3HB5P.tmp\is-R0NJS.tmp' /SL4 $40092 "C:\setup_0700061222b.exe" 1373444 52224
- 'C:\setup_0700061222b.exe'
- 'C:\b.exe'
- %TEMP%\is-3HB5P.tmp\is-R0NJS.tmp
- %TEMP%\is-2DM5Q.tmp\_isetup\_RegDLL.tmp
- %TEMP%\is-2DM5Q.tmp\_isetup\_shfoldr.dll
- %TEMP%\162218.txt
- C:\b.exe
- C:\setup_0700061222b.exe
- <Текущая директория>\dulfkacvhe
- <SYSTEM32>\config\SysEvent.Evt
- C:\b.exe
- <SYSTEM32>\config\SecEvent.Evt
- <Текущая директория>\dulfkacvhe
- <SYSTEM32>\config\AppEvent.Evt
- %TEMP%\162218.txt в %PROGRAM_FILES%\NetMeeting\dwypa.bmp
- 'ha#####nan.gnway.net':2009
- 'ha####anan.xicp.net':2009
- 'ha#####yanan.3322.org':2009
- DNS ASK www.ba##u.com
- DNS ASK www.16#.com
- DNS ASK ha#####nan.gnway.net
- DNS ASK ha#####yanan.3322.org
- DNS ASK ha####anan.xicp.net
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'