Техническая информация
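- [<HKLM>\SYSTEM\ControlSet001\Services\Tcispn Ykjnfkyd Vvo] 'Start' = '00000002' (Start = 2 — служба запускается автоматически при загрузке системы)
- [<HKLM>\SYSTEM\ControlSet001\Services\Vwxyab Defghijk Mno] 'Start' = '00000002' (то же значение: автозапуск службы)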
- '%TEMP%\T26500.exe'
- '%WINDIR%\D87F15E1.exe'
- '%APPDATA%\211546.exe'
- '%TEMP%\X6334.exe'
- '%TEMP%\G41.exe'
- '%TEMP%\R18467.exe'
- '%TEMP%\is-BOU8I.tmp\G41.tmp' /SL5="$100E0,18173348,56832,%TEMP%\G41.exe"
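- '<SYSTEM32>\svchost.exe' -k sougou (группа «sougou» не входит в стандартные группы svchost в Windows; вероятно, она зарегистрирована самим образцом — при проверке стоит сверить список групп в HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost)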
- '<SYSTEM32>\svchost.exe' -k netsvcs
- %TEMP%\is-T71U3.tmp\_isetup\_shfoldr.dll
- %WINDIR%\D87F15E1.exe
- %TEMP%\is-T71U3.tmp\_isetup\_RegDLL.tmp
- %APPDATA%\211546.exe
- %PROGRAM_FILES%\Uhib\Njknaautn.dll
- C:\Net-Temp.ini
- %TEMP%\is-T71U3.tmp\_isetup\_isdecmp.dll
- %TEMP%\X6334.exe
- %TEMP%\R18467.exe
- %TEMP%\G41.exe
- %TEMP%\T26500.exe
- C:\Win_lj.ini
- %WINDIR%\xinstall1167300.dll
- %TEMP%\is-BOU8I.tmp\G41.tmp
- %PROGRAM_FILES%\Uhib\Njknaautn.dll
- %TEMP%\R18467.exe
- %WINDIR%\xinstall1167300.dll
- C:\Win_lj.ini
- C:\Net-Temp.ini
- %TEMP%\T26500.exe
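- 'he###.520570.net':8001
- 'he###.520570.net':8000
- DNS ASK he###.520570.net (символы «###» в имени хоста скрыты в источнике, полное имя по этой записи не восстановить; для поиска в журналах DNS и прокси остаются домен 520570.net и порты 8000/8001)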
- ClassName: 'PT1737XYQPGamePlaza' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'