Техническая информация
Записи автозапуска в реестре (ключ Run; имена параметров содержат «VMware», а пути указывают на исполняемые файлы в каталогах Windows):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'VMware process Tool' = '%WINDIR%\Help\Help.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'VMware admin Tool' = '%WINDIR%\Fonts\Fonts34.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'VMware %USERNAME% process' = '<SYSTEM32>\kernel34.exe'
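Командная строка процесса (ping на 127.0.0.1 с размером буфера 65500 байт, без ограничения числа повторов):
- <SYSTEM32>\ping.exe 127.0.0.1 -l 65500 -t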
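Имена классов окон средств анализа (отладчик OllyDbg и утилита FileMon; судя по именам, это проверка на наличие инструментов анализа):
- ClassName: 'OLLYDBG' WindowName: ''
- ClassName: 'FileMonClass' WindowName: ''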
Пути файлов, затронутых в файловой системе (тип операции — создание или удаление — в этом фрагменте не указан):
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\index[1].html
- C:\index.html
- %WINDIR%\Help\Kernel34.exe
- <SYSTEM32>\Kernel34.exe
- %WINDIR%\Fonts\Kernel34.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\index[1].html
Сетевая активность (имя домена частично скрыто символами ###):
- 'www.ae###-one.com':80
- www.ae###-one.com/index.html
- DNS ASK www.ae###-one.com
- '<IP-адрес в локальной сети>':1035
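Прочие имена классов окон (назначение в этом фрагменте не указано; '#32770' — стандартный класс диалоговых окон Windows):
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: '' WindowName: ''
- ClassName: '18467-41' WindowName: ''
- ClassName: '#32770' WindowName: ''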