Техническая информация
- <SYSTEM32>\d3d8thk.dll файлом <SYSTEM32>\d3d8thk.dll.rzxcp
- %TEMP%\АЦГЛVPNНш°ЙЅ±Аш·юОсЖчБ¬ЅУЛЩ¶ИІвКФ.exe
- %TEMP%\БъЦ®№И.exe
- <SYSTEM32>\sc.exe delete cryptsvc
- <SYSTEM32>\cmd.exe /c ""%TEMP%\delself.bat" "
- <SYSTEM32>\sc.exe stop cryptsvc
- <SYSTEM32>\sc.exe config cryptsvc start= disabled
- %WINDIR%\Explorer.EXE
- %TEMP%\TMl1.tmp
- %TEMP%\delself.bat
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\vpn[1]
- %TEMP%\БъЦ®№И.exe
- %TEMP%\АЦГЛVPNНш°ЙЅ±Аш·юОсЖчБ¬ЅУЛЩ¶ИІвКФ.exe
- %TEMP%\SkinH_EL.dll
- %TEMP%\TMl1.tmp
- %TEMP%\SkinH_EL.dll
- %TEMP%\БъЦ®№И.exe
- <SYSTEM32>\d3d8thk.dll.bzxck
- <SYSTEM32>\d3d8thk.dll в <SYSTEM32>\d3d8thk.dll.bzxck
- <SYSTEM32>\dllcache\d3d8thk.dll в <SYSTEM32>\dllcache\d3d8thk.dll.bzxck
- 'www.63##.com':80
- 'localhost':1036
- www.63##.com/vpn
- DNS ASK www.63##.com
- ClassName: 'IEFrame' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: '' WindowName: 'Microsoft Internet Explorer'
- ClassName: '' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''