Техническая информация
- %WINDIR%\Getphp.exe (загружен из сети Интернет)
- %WINDIR%\ballon.exe
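- <SYSTEM32>\regsvr32.exe /s %WINDIR%\LoadHtml.txt
- <SYSTEM32>\regsvr32.exe /s %WINDIR%\LoadJava.txt
- <SYSTEM32>\regsvr32.exe /s %WINDIR%\LoadAjax.txt
  (Примечание: regsvr32 загружает переданный ему файл как DLL и вызывает его функцию DllRegisterServer, а ключ /s подавляет диалоговые окна. Поэтому файлы Load*.txt, по всей видимости, являются исполняемыми модулями с расширением .txt. При обнаружении стоит обращать внимание на запуск regsvr32 с аргументом, расширение которого не .dll и не .ocx.)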
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\SL6TKFAX\Html[1].txt
- %WINDIR%\LoadJava.txt
- %WINDIR%\LoadHtml.txt
- %WINDIR%\Getphp.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\Exec[1].bmp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\ULU3YH2D\Java[1].txt
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\dados[1].txt
- %WINDIR%\ballon.exe
- <SYSTEM32>\WinUdp.cap
- %WINDIR%\LoadAjax.txt
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\0D6B6PI5\Ajax[1].txt
- 'www.fi##den.com':80
- 'localhost':1035
- www.fi##den.com/files/2009/8/4/2533069/Html.txt
- www.fi##den.com/files/2009/8/4/2533069/Exec.bmp
- www.fi##den.com/files/2009/8/4/2533069/Java.txt
- www.fi##den.com/files/2009/8/4/2533069/dados.txt
- www.fi##den.com/files/2009/8/4/2533069/Ajax.txt
- DNS ASK www.fi##den.com
- '10.#.1.1':1036
- ClassName: 'Shell_TrayWnd' WindowName: ''