Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run] 'Instuse' = '%ALLUSERSPROFILE%\Uninstall Information\Instuse.exe'
- '<Текущая директория>\setup.exe'
- '<SYSTEM32>\msiexec.exe'
- %ALLUSERSPROFILE%\Uninstall Information\Instuse.exe
- <Текущая директория>\setup.exe
- <Текущая директория>\setup.exe
- 'im#####tesomorathes.com':80
- http://im#####tesomorathes.com/php/
- DNS ASK im#####tesomorathes.com
- ClassName: 'MainForm' WindowName: ''
- ClassName: 'Unicode' WindowName: ''
- ClassName: 'Class' WindowName: ''
- ClassName: '#32770' WindowName: ''