Техническая информация
- %ALLUSERSPROFILE%\Start Menu\Programs\Startup\vmwere.lnk
- '%TEMP%\vmwere.exe'
- '<SYSTEM32>\wbem\wmiadap.exe' /R /T
- %TEMP%\kptl.doc
- %TEMP%\vmwere.exe
- <SYSTEM32>\PerfStringBackup.TMP
- <SYSTEM32>\wbem\Performance\WmiApRpl.ini
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\index[1].htm
- 'www.a-##sato.jp':80
- 'www.mu###mori.com':80
- www.a-##sato.jp/html/mainland/index.php
- www.mu###mori.com/wp-includes/news/index.php
- DNS ASK www.a-##sato.jp
- DNS ASK www.mu###mori.com
- ClassName: 'WordPadClass' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''