Техническая информация
- [<HKCU>\Control Panel\Desktop] 'SCRNSAVE.EXE' = '<SYSTEM32>\EMMA_W~1.SCR'
- %TEMP%\OpenIE_S.exe Emma_watson.scr
- %TEMP%\Ofb1.exe Emma_watson.scr
- <SYSTEM32>\rundll32.exe desk.cpl,InstallScreenSaver <SYSTEM32>\Emma_watson.Scr
- %APPDATA%\Microsoft\Windows\Themes\Custom.theme
- %ALLUSERSPROFILE%\Start Menu\Programs\Emma_watson\Uninstall Emma_watson.lnk
- %TEMP%\FlashListsEMMA_W~1.SCR\Emma_watson.swf
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\success[1].php
- %PROGRAM_FILES%\Ofb1\Ofb1.dll
- %PROGRAM_FILES%\Ofb1\Uninstall.exe
- %TEMP%\Ofb1.$$A
- %PROGRAM_FILES%\Ofb1\Uninstall.$$A
- %TEMP%\OFoxInstaller.$$A
- <SYSTEM32>\Emma_watson.$$A
- %TEMP%\OpenIE_S.$$A
- из %TEMP%\OpenIE_S.$$A в %TEMP%\OpenIE_S.exe
- из <SYSTEM32>\Emma_watson.$$A в <SYSTEM32>\Emma_watson.Scr
- из %TEMP%\OFoxInstaller.$$A в %TEMP%\OFoxInstaller.exe
- из %PROGRAM_FILES%\Ofb1\Uninstall.$$A в %PROGRAM_FILES%\Ofb1\Uninstall.exe
- из %TEMP%\Ofb1.$$A в %TEMP%\Ofb1.exe
- 'www.be####screens.com':80
- 'localhost':1036
- www.be####screens.com/success.php?ip#####################################################################################################
- DNS ASK www.be####screens.com
- ClassName: '' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'InstItClass' WindowName: ''
- ClassName: '' WindowName: 'Flash_scr_preview'
- ClassName: 'Shell_TrayWnd' WindowName: ''