Техническая информация
- %TEMP%\is-SCD88.tmp\Green.tmp /SL5="$10138,744479,52224,%PROGRAM_FILES%\soft05\Green.exe" /sp- /VERYSILENT /norestart
- %TEMP%\is-BB0L9.tmp\Green.tmp /SL5="$300DA,744479,52224,%PROGRAM_FILES%\soft05\Green.exe"
- %PROGRAM_FILES%\soft05\Green.exe /sp- /VERYSILENT /norestart
- %PROGRAM_FILES%\Internet Explorer\IEXPLORE.EXE http://jy.#144.net/
- %TEMP%\is-SCD88.tmp\Green.tmp
- %TEMP%\nsa2.tmp\NSISdl.dll
- %TEMP%\is-KF0NQ.tmp\_isetup\_RegDLL.tmp
- %TEMP%\is-KF0NQ.tmp\_isetup\_isdecmp.dll
- %TEMP%\is-KF0NQ.tmp\_isetup\_shfoldr.dll
- %TEMP%\is-AGDN4.tmp\_isetup\_isdecmp.dll
- %PROGRAM_FILES%\soft05\Green.exe
- %PROGRAM_FILES%\soft05\a
- %TEMP%\is-BB0L9.tmp\Green.tmp
- %TEMP%\is-AGDN4.tmp\_isetup\_shfoldr.dll
- %TEMP%\is-AGDN4.tmp\_isetup\_RegDLL.tmp
- %TEMP%\is-AGDN4.tmp\_isetup\_shfoldr.dll
- %TEMP%\is-BB0L9.tmp\Green.tmp
- %TEMP%\is-AGDN4.tmp\_isetup\_isdecmp.dll
- %TEMP%\is-AGDN4.tmp\_isetup\_RegDLL.tmp
- 'localhost':1039
- 'do##.emoney.cn':80
- do##.emoney.cn/wl0617171.EXE
- DNS ASK do##.emoney.cn
- '<IP-адрес в локальной сети>':1037
- ClassName: '' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''