Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{0248EAF2-030A-466e-8DFA-C3BFE662E028}] 'StubPath' = '%CommonProgramFiles%\System\wab32res.exe'
- %TEMP%\is-2S3GG.tmp\is-9S0IC.tmp /SL4 $60036 "<SYSTEM32>\113296xx.exe" 1992316 51712
- <SYSTEM32>\113296xx.exe
- <SYSTEM32>\109984xx.exe
- <SYSTEM32>\cmd.exe /c ""%TEMP%\del113828.bat" "
- <SYSTEM32>\cmd.exe /c ""%TEMP%\del110015.bat" "
- %CommonProgramFiles%\System\wab32res.exe
- %TEMP%\is-2S3GG.tmp\is-9S0IC.tmp
- %TEMP%\is-TRC7N.tmp\_shfoldr.dll
- %TEMP%\del113828.bat
- <SYSTEM32>\109984xx.exe
- %TEMP%\del110015.bat
- <SYSTEM32>\113296xx.exe
- <SYSTEM32>\109984xx.exe
- 'll###.ns2go.com':9999
- DNS ASK ll###.ns2go.com
- '<IP-адрес в локальной сети>':1037
- ClassName: 'Shell_TrayWnd' WindowName: ''