Техническая информация
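- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] 'LoadAppInit_DLLs' = '00000001'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] 'AppInit_DLLs' = '<SYSTEM32>\oisrwic.dll'
  (Пояснение: при 'LoadAppInit_DLLs' = 1 библиотека, указанная в 'AppInit_DLLs', загружается в каждый процесс, подключающий user32.dll, то есть эта пара значений служит механизмом закрепления в системе. При проверке системы стоит убедиться, что в 'AppInit_DLLs' нет посторонних библиотек, и проверить наличие файла <SYSTEM32>\oisrwic.dll.)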
- <LS_APPDATA>\user_597.exe
- %PROGRAM_FILES%\g1\g1\bb000000.exe
- <LS_APPDATA>\pp114.exe
- <SYSTEM32>\logonui.exe /status /shutdown
- <SYSTEM32>\cmd.exe /c ""%PROGRAM_FILES%\g1\g1\aa.bat" "
- %PROGRAM_FILES%\g1\g1\bb000000.exe
- %PROGRAM_FILES%\g1\g1\bb.jpg
- %PROGRAM_FILES%\g1\g1\aa.bat
- <SYSTEM32>\oisrwic.dll
- %HOMEPATH%\Recent\g1.lnk
- %HOMEPATH%\Recent\bb.lnk
- <LS_APPDATA>\user_597.exe
- <LS_APPDATA>\pp114.exe
- %TEMP%\~1.bat
- %PROGRAM_FILES%\g1\g1\p.txt
- %TEMP%\$inst\temp_0.tmp
- %TEMP%\$inst\2.tmp
- %TEMP%\~1.bat
- <LS_APPDATA>\pp114.exe
- <LS_APPDATA>\user_597.exe
- %TEMP%\~1.bat
- %TEMP%\$inst\temp_0.tmp
- %TEMP%\$inst\2.tmp
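- '94.##9.188.62':45612 (часть адреса, по-видимому, замаскирована источником символами '##', поэтому запись не годится как точный сетевой индикатор; для поиска в журналах остаются порт 45612 и видимые октеты адреса)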
- ClassName: 'StatusWindowClass' WindowName: ''
- ClassName: 'ShImgVw:CPreviewWnd' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''