Техническая информация
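- %HOMEPATH%\Start Menu\Programs\Startup\lsass.exe (папка автозагрузки пользователя; штатный lsass.exe Windows расположен в <SYSTEM32>, поэтому файл с таким именем по этому пути — признак маскировки под системный процесс)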
- '%HOMEPATH%\Start Menu\Programs\Startup\lsass.exe'
- '%TEMP%\RarSFX0\z.exe'
- '%TEMP%\Pic_036-www.facebook.com.exe'
- '<SYSTEM32>\rundll32.exe' <SYSTEM32>\shimgvw.dll,ImageView_Fullscreen %TEMP%\RarSFX0\photo.jpg (rundll32 вызывает штатный просмотрщик изображений Windows для показа photo.jpg)
- <SYSTEM32>\rundll32.exe
- %TEMP%\RarSFX0\photo.jpg
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\xyz25[1].htm
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\xyz25[1].htm
- %TEMP%\RarSFX0\z.exe
- %TEMP%\nsl2.tmp\modern-header.bmp
- %TEMP%\Pic_036-www.facebook.com.exe
- %TEMP%\Pic_036-www.facebook.com.exe1
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\xyz25[1].htm
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\xyz25[1].htm
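- 'www.xy##5.com':80 (символы «##» в имени домена, по-видимому, скрыты в самом отчёте; в таком виде запись не является точным сетевым индикатором)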
- DNS ASK www.xy##5.com
- ClassName: 'ShImgVw:CPreviewWnd' WindowName: '(null)'
- ClassName: 'EDIT' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'