Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1:24:32 AM1:24:32 AM' = '1:24:32 AM1:24:32 AM1:24:32 AM'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1:24:33 AM1:24:33 AM' = '1:24:33 AM1:24:33 AM1:24:33 AM'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1:24:34 AM1:24:34 AM' = '1:24:34 AM1:24:34 AM1:24:34 AM'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1:24:31 AM1:24:31 AM' = '1:24:31 AM1:24:31 AM1:24:31 AM'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1:24:28 AM1:24:28 AM' = '1:24:28 AM1:24:28 AM1:24:28 AM'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1:24:29 AM1:24:29 AM' = '1:24:29 AM1:24:29 AM1:24:29 AM'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1:24:30 AM1:24:30 AM' = '1:24:30 AM1:24:30 AM1:24:30 AM'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1:24:39 AM1:24:39 AM' = '1:24:39 AM1:24:39 AM1:24:39 AM'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1:24:40 AM1:24:40 AM' = '1:24:40 AM1:24:40 AM1:24:40 AM'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1:24:41 AM1:24:41 AM' = '1:24:41 AM1:24:41 AM1:24:41 AM'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1:24:38 AM1:24:38 AM' = '1:24:38 AM1:24:38 AM1:24:38 AM'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1:24:35 AM1:24:35 AM' = '1:24:35 AM1:24:35 AM1:24:35 AM'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1:24:36 AM1:24:36 AM' = '1:24:36 AM1:24:36 AM1:24:36 AM'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1:24:37 AM1:24:37 AM' = '1:24:37 AM1:24:37 AM1:24:37 AM'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1:24:27 AM1:24:27 AM' = '1:24:27 AM1:24:27 AM1:24:27 AM'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1:24:17 AM1:24:17 AM' = '1:24:17 AM1:24:17 AM1:24:17 AM'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1:24:18 AM1:24:18 AM' = '1:24:18 AM1:24:18 AM1:24:18 AM'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1:24:19 AM1:24:19 AM' = '1:24:19 AM1:24:19 AM1:24:19 AM'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1:24:16 AM1:24:16 AM' = '1:24:16 AM1:24:16 AM1:24:16 AM'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1:24:13 AM1:24:13 AM' = '1:24:13 AM1:24:13 AM1:24:13 AM'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1:24:14 AM1:24:14 AM' = '1:24:14 AM1:24:14 AM1:24:14 AM'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1:24:15 AM1:24:15 AM' = '1:24:15 AM1:24:15 AM1:24:15 AM'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1:24:24 AM1:24:24 AM' = '1:24:24 AM1:24:24 AM1:24:24 AM'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1:24:25 AM1:24:25 AM' = '1:24:25 AM1:24:25 AM1:24:25 AM'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1:24:26 AM1:24:26 AM' = '1:24:26 AM1:24:26 AM1:24:26 AM'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1:24:23 AM1:24:23 AM' = '1:24:23 AM1:24:23 AM1:24:23 AM'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1:24:20 AM1:24:20 AM' = '1:24:20 AM1:24:20 AM1:24:20 AM'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1:24:21 AM1:24:21 AM' = '1:24:21 AM1:24:21 AM1:24:21 AM'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1:24:22 AM1:24:22 AM' = '1:24:22 AM1:24:22 AM1:24:22 AM'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1:25:01 AM1:25:01 AM' = '1:25:01 AM1:25:01 AM1:25:01 AM'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1:25:02 AM1:25:02 AM' = '1:25:02 AM1:25:02 AM1:25:02 AM'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1:25:03 AM1:25:03 AM' = '1:25:03 AM1:25:03 AM1:25:03 AM'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1:25:00 AM1:25:00 AM' = '1:25:00 AM1:25:00 AM1:25:00 AM'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1:24:57 AM1:24:57 AM' = '1:24:57 AM1:24:57 AM1:24:57 AM'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1:24:58 AM1:24:58 AM' = '1:24:58 AM1:24:58 AM1:24:58 AM'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1:24:59 AM1:24:59 AM' = '1:24:59 AM1:24:59 AM1:24:59 AM'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1:25:08 AM1:25:08 AM' = '1:25:08 AM1:25:08 AM1:25:08 AM'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1:25:09 AM1:25:09 AM' = '1:25:09 AM1:25:09 AM1:25:09 AM'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1:25:10 AM1:25:10 AM' = '1:25:10 AM1:25:10 AM1:25:10 AM'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1:25:07 AM1:25:07 AM' = '1:25:07 AM1:25:07 AM1:25:07 AM'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1:25:04 AM1:25:04 AM' = '1:25:04 AM1:25:04 AM1:25:04 AM'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1:25:05 AM1:25:05 AM' = '1:25:05 AM1:25:05 AM1:25:05 AM'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1:25:06 AM1:25:06 AM' = '1:25:06 AM1:25:06 AM1:25:06 AM'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1:24:56 AM1:24:56 AM' = '1:24:56 AM1:24:56 AM1:24:56 AM'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1:24:46 AM1:24:46 AM' = '1:24:46 AM1:24:46 AM1:24:46 AM'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1:24:47 AM1:24:47 AM' = '1:24:47 AM1:24:47 AM1:24:47 AM'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1:24:48 AM1:24:48 AM' = '1:24:48 AM1:24:48 AM1:24:48 AM'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1:24:45 AM1:24:45 AM' = '1:24:45 AM1:24:45 AM1:24:45 AM'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1:24:42 AM1:24:42 AM' = '1:24:42 AM1:24:42 AM1:24:42 AM'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1:24:43 AM1:24:43 AM' = '1:24:43 AM1:24:43 AM1:24:43 AM'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1:24:44 AM1:24:44 AM' = '1:24:44 AM1:24:44 AM1:24:44 AM'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1:24:53 AM1:24:53 AM' = '1:24:53 AM1:24:53 AM1:24:53 AM'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1:24:54 AM1:24:54 AM' = '1:24:54 AM1:24:54 AM1:24:54 AM'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1:24:55 AM1:24:55 AM' = '1:24:55 AM1:24:55 AM1:24:55 AM'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1:24:52 AM1:24:52 AM' = '1:24:52 AM1:24:52 AM1:24:52 AM'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1:24:49 AM1:24:49 AM' = '1:24:49 AM1:24:49 AM1:24:49 AM'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1:24:50 AM1:24:50 AM' = '1:24:50 AM1:24:50 AM1:24:50 AM'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1:24:51 AM1:24:51 AM' = '1:24:51 AM1:24:51 AM1:24:51 AM'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1:23:34 AM1:23:34 AM' = '1:23:34 AM1:23:34 AM1:23:34 AM'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1:23:35 AM1:23:35 AM' = '1:23:35 AM1:23:35 AM1:23:35 AM'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1:23:36 AM1:23:36 AM' = '1:23:36 AM1:23:36 AM1:23:36 AM'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1:23:33 AM1:23:33 AM' = '1:23:33 AM1:23:33 AM1:23:33 AM'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1:23:30 AM1:23:30 AM' = '1:23:30 AM1:23:30 AM1:23:30 AM'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1:23:31 AM1:23:31 AM' = '1:23:31 AM1:23:31 AM1:23:31 AM'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1:23:32 AM1:23:32 AM' = '1:23:32 AM1:23:32 AM1:23:32 AM'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1:23:41 AM1:23:41 AM' = '1:23:41 AM1:23:41 AM1:23:41 AM'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1:23:42 AM1:23:42 AM' = '1:23:42 AM1:23:42 AM1:23:42 AM'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1:23:43 AM1:23:43 AM' = '1:23:43 AM1:23:43 AM1:23:43 AM'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1:23:40 AM1:23:40 AM' = '1:23:40 AM1:23:40 AM1:23:40 AM'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1:23:37 AM1:23:37 AM' = '1:23:37 AM1:23:37 AM1:23:37 AM'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1:23:38 AM1:23:38 AM' = '1:23:38 AM1:23:38 AM1:23:38 AM'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1:23:39 AM1:23:39 AM' = '1:23:39 AM1:23:39 AM1:23:39 AM'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1:23:29 AM1:23:29 AM' = '1:23:29 AM1:23:29 AM1:23:29 AM'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1:23:18 AM1:23:18 AM' = '1:23:18 AM1:23:18 AM1:23:18 AM'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1:23:19 AM1:23:19 AM' = '1:23:19 AM1:23:19 AM1:23:19 AM'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1:23:20 AM1:23:20 AM' = '1:23:20 AM1:23:20 AM1:23:20 AM'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1:23:16 AM1:23:16 AM' = '1:23:16 AM1:23:16 AM1:23:16 AM'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Messenger (Yahoo!)' = '%PROGRAM_FILES%\Yahoo!\Messenger\Yahoo!.exe'
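- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'services' = '%WINDIR%\system\services.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'alireza' = '%WINDIR%\system\services2007.exe'
  (Примечание: параметры 'services' и 'alireza' указывают на исполняемые файлы в %WINDIR%\system. Штатный services.exe Windows находится в <SYSTEM32>, поэтому запуск services.exe из другого каталога — признак маскировки под системный процесс.)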
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1:23:26 AM1:23:26 AM' = '1:23:26 AM1:23:26 AM1:23:26 AM'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1:23:27 AM1:23:27 AM' = '1:23:27 AM1:23:27 AM1:23:27 AM'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1:23:28 AM1:23:28 AM' = '1:23:28 AM1:23:28 AM1:23:28 AM'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1:23:25 AM1:23:25 AM' = '1:23:25 AM1:23:25 AM1:23:25 AM'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1:23:22 AM1:23:22 AM' = '1:23:22 AM1:23:22 AM1:23:22 AM'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1:23:23 AM1:23:23 AM' = '1:23:23 AM1:23:23 AM1:23:23 AM'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1:23:24 AM1:23:24 AM' = '1:23:24 AM1:23:24 AM1:23:24 AM'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1:24:03 AM1:24:03 AM' = '1:24:03 AM1:24:03 AM1:24:03 AM'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1:24:04 AM1:24:04 AM' = '1:24:04 AM1:24:04 AM1:24:04 AM'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1:24:05 AM1:24:05 AM' = '1:24:05 AM1:24:05 AM1:24:05 AM'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1:24:02 AM1:24:02 AM' = '1:24:02 AM1:24:02 AM1:24:02 AM'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1:23:59 AM1:23:59 AM' = '1:23:59 AM1:23:59 AM1:23:59 AM'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1:24:00 AM1:24:00 AM' = '1:24:00 AM1:24:00 AM1:24:00 AM'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1:24:01 AM1:24:01 AM' = '1:24:01 AM1:24:01 AM1:24:01 AM'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1:24:10 AM1:24:10 AM' = '1:24:10 AM1:24:10 AM1:24:10 AM'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1:24:11 AM1:24:11 AM' = '1:24:11 AM1:24:11 AM1:24:11 AM'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1:24:12 AM1:24:12 AM' = '1:24:12 AM1:24:12 AM1:24:12 AM'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1:24:09 AM1:24:09 AM' = '1:24:09 AM1:24:09 AM1:24:09 AM'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1:24:06 AM1:24:06 AM' = '1:24:06 AM1:24:06 AM1:24:06 AM'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1:24:07 AM1:24:07 AM' = '1:24:07 AM1:24:07 AM1:24:07 AM'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1:24:08 AM1:24:08 AM' = '1:24:08 AM1:24:08 AM1:24:08 AM'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1:23:58 AM1:23:58 AM' = '1:23:58 AM1:23:58 AM1:23:58 AM'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1:23:48 AM1:23:48 AM' = '1:23:48 AM1:23:48 AM1:23:48 AM'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1:23:49 AM1:23:49 AM' = '1:23:49 AM1:23:49 AM1:23:49 AM'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1:23:50 AM1:23:50 AM' = '1:23:50 AM1:23:50 AM1:23:50 AM'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1:23:47 AM1:23:47 AM' = '1:23:47 AM1:23:47 AM1:23:47 AM'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1:23:44 AM1:23:44 AM' = '1:23:44 AM1:23:44 AM1:23:44 AM'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1:23:45 AM1:23:45 AM' = '1:23:45 AM1:23:45 AM1:23:45 AM'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1:23:46 AM1:23:46 AM' = '1:23:46 AM1:23:46 AM1:23:46 AM'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1:23:55 AM1:23:55 AM' = '1:23:55 AM1:23:55 AM1:23:55 AM'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1:23:56 AM1:23:56 AM' = '1:23:56 AM1:23:56 AM1:23:56 AM'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1:23:57 AM1:23:57 AM' = '1:23:57 AM1:23:57 AM1:23:57 AM'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1:23:54 AM1:23:54 AM' = '1:23:54 AM1:23:54 AM1:23:54 AM'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1:23:51 AM1:23:51 AM' = '1:23:51 AM1:23:51 AM1:23:51 AM'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1:23:52 AM1:23:52 AM' = '1:23:52 AM1:23:52 AM1:23:52 AM'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1:23:53 AM1:23:53 AM' = '1:23:53 AM1:23:53 AM1:23:53 AM'
- %WINDIR%\regedit.exe
- <SYSTEM32>\taskmgr.exe заменяется файлом <SYSTEM32>\taskmgr.exe
- %WINDIR%\regedit.exe
- '%WINDIR%\system\services.exe'
- '<SYSTEM32>\cmd.exe' /c ""%WINDIR%\temp\wind32.bat" "
- '<SYSTEM32>\cmd.exe' /c ""%WINDIR%\temp\wind312.bat" "
- '<SYSTEM32>\cmd.exe' /c ""%WINDIR%\temp\sytp.bat" "
- '<SYSTEM32>\cmd.exe' /c ""%WINDIR%\temp\winh.bat" "
- %WINDIR%\system\services.jpg
- %WINDIR%\Temp\wind312.bat
- %WINDIR%\Temp\wind32.bat
- <SYSTEM32>\winuser.dll
- <SYSTEM32>\usernet.dll
- %WINDIR%\Temp\acat.cat
- %WINDIR%\Temp\re.ico
- %WINDIR%\Temp\sytp.bat
- %WINDIR%\Temp\i.ico
- %TEMP%\$mad$res$00000b2c$970810$
- %WINDIR%\Temp\winh.bat
- %WINDIR%\Media\windows xp Close.wav
- %WINDIR%\Temp\acat.cat
- %WINDIR%\Temp\re.ico
- %TEMP%\$mad$res$00000b2c$970810$
- <SYSTEM32>\taskmgr.exe перемещается в <SYSTEM32>\spool\drivers\color\is350.icm
- %WINDIR%\system\services.jpg перемещается в %WINDIR%\system\services.exe
- ClassName: 'MS_WINHELP' WindowName: ''
- ClassName: '' WindowName: 'services'
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: '' WindowName: '<Имя вируса>'
- ClassName: 'Indicator' WindowName: ''