Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\Irmon] 'Start' = '00000002'
- '%TEMP%\RarSFX0\Birds.exe'
- 'C:\Birds.exe'
- 'C:\Server1.exe'
- 360tray.exe
- %TEMP%\RarSFX0\cachev.exe
- %TEMP%\159125_ok.txt
- %TEMP%\RarSFX0\Birds.exe
- C:\Server1.exe
- C:\Birds.exe
- <SYSTEM32>\Irmonapi.dll
- C:\Server1.exe
- %TEMP%\159125_ok.txt в <SYSTEM32>\Irmonapi.dll
- 'www.1t.##ibu.com':8080
- DNS ASK www.1t.##ibu.com
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''