Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'OPfkF' = 'control.exe "%PROGRAM_FILES%\uQbrb1JBjlU\OPfkF.cpl",0,0'
- <SYSTEM32>\control.exe "%PROGRAM_FILES%\uQbrb1JBjlU\OPfkF.cpl",0,0
- <SYSTEM32>\rundll32.exe Shell32.dll,Control_RunDLL "%PROGRAM_FILES%\uQbrb1JBjlU\OPfkF.cpl",0,0
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\dfsvc.exe
- <SYSTEM32>\rundll32.exe Shell32.dll,Control_RunDLL ""%TEMP%\K17wv.dll"",0,-1
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\0D6B6PI5\CAYVCCVQ.log
- %TEMP%\Deployment\VE3JT03G.GQP\6WGT382N.59B.application
- %PROGRAM_FILES%\uQbrb1JBjlU\OPfkF.cpl
- %TEMP%\K17wv.dll
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\POS.GUI[1].application
- %TEMP%\nsh2.tmp\NSISdl.dll
- %TEMP%\easy-restaurant-pos-1.0.0.37.exe
- %TEMP%\easy-restaurant-pos-1.0.0.37.log
- %TEMP%\VSD3.tmp\install.log
- %TEMP%\nsh2.tmp\NSISdl.dll
- %TEMP%\K17wv.dll
- %TEMP%\Deployment\VE3JT03G.GQP\6WGT382N.59B.application
- 'www.sa#####hnologies.com':80
- 'localhost':1038
- 'wh###ies.biz':80
- www.sa#####hnologies.com/ProductsInstall/POS/POS.GUI.application
- wh###ies.biz/whs/chkst.php?sf#########################################
- DNS ASK www.sa#####hnologies.com
- DNS ASK wh###ies.biz
- ClassName: 'Indicator' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''