Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'des' = '<SYSTEM32>\des.exe'
- Библиотека-обработчик для всех процессов: <SYSTEM32>\deshk.dll
- <SYSTEM32>\deshk.dll
- <SYSTEM32>\des.exe
- <SYSTEM32>\pk.bin
- <SYSTEM32>\rinst.exe
- <SYSTEM32>\inst.dat
- <SYSTEM32>\deswb.dll
- %TEMP%\RarSFX0\SoftwareUpdate.exe
- %TEMP%\RarSFX0\deshk.dll
- %TEMP%\RarSFX0\inst.dat
- %TEMP%\RarSFX0\pk.bin
- %TEMP%\RarSFX0\rinst.exe
- %TEMP%\RarSFX0\des.exe
- %TEMP%\RarSFX0\deswb.dll
- %TEMP%\RarSFX0\inst.dat
- %TEMP%\RarSFX0\rinst.exe
- %TEMP%\RarSFX0\SoftwareUpdate.exe
- %TEMP%\RarSFX0\deswb.dll
- %TEMP%\RarSFX0\pk.bin
- %TEMP%\RarSFX0\des.exe
- %TEMP%\RarSFX0\deshk.dll
- 'ma##.#enzy.x10.mx':25
- DNS ASK ma##.#enzy.x10.mx
- ClassName: 'RichEdit20A' WindowName: ''
- ClassName: 'Button' WindowName: 'ICQ'
- ClassName: 'MButtonClass' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: '' WindowName: 'PKL Window'
- ClassName: 'NDDEAgnt' WindowName: 'NetDDE Agent'