Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\ldmagers] 'Start' = '00000002'
- %WINDIR%\Media\rundll32.exe
- %PROGRAM_FILES%\ЁП 2011 HANMACRO. All rights reserved\FastPing Installer\fastpingsetup.exe
- %PROGRAM_FILES%\ЁП 2011 HANMACRO. All rights reserved\FastPing Installer\SelfInstaller.exe
- <SYSTEM32>\cmd.exe /c ""%PROGRAM_FILES%\ЁП 2011 HANMACRO. All rights reserved\FastPing Installer\killfile.bat" "
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\setting[1].php
- %PROGRAM_FILES%\ЁП 2011 HANMACRO. All rights reserved\FastPing Installer\killfile.bat
- C:\Hanmacro\setting.ini
- C:\Hanmacro\fastping.txt
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\fastping[1].txt
- <SYSTEM32>\gesysmon.exe
- %TEMP%\$inst\temp_0.tmp
- %TEMP%\$inst\2.tmp
- %PROGRAM_FILES%\ЁП 2011 HANMACRO. All rights reserved\FastPing Installer\SelfInstaller.exe
- %WINDIR%\Media\rundll32.exe
- %PROGRAM_FILES%\ЁП 2011 HANMACRO. All rights reserved\FastPing Installer\fastpingsetup.exe
- <SYSTEM32>\gesysmon.exe
- %WINDIR%\Media\rundll32.exe
- %TEMP%\$inst\2.tmp
- %TEMP%\$inst\temp_0.tmp
- 'fa###ing.co.kr':80
- 'localhost':1037
- fa###ing.co.kr/download/license/fastping.txt
- fa###ing.co.kr/inst/setting.php
- DNS ASK fa###ing.co.kr
- ClassName: 'Shell_TrayWnd' WindowName: ''