Техническая информация
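- ClassName: 'FileMonClass', WindowName: '' (класс окна утилиты Sysinternals Filemon)
- ClassName: 'RegMonClass', WindowName: '' (класс окна утилиты Sysinternals Regmon)
- ClassName: 'PROCMON_WINDOW_CLASS', WindowName: '' (класс окна утилиты Sysinternals Process Monitor; по-видимому, все три окна относятся к проверке наличия средств мониторинга — заголовок раздела в тексте отсутствует)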
- %TEMP%\setup.exe
- %TEMP%\nsb13ba.tmp\iod_russian.ini
- %TEMP%\nsb13ba.tmp\iod_english.ini
- %TEMP%\nsb13ba.tmp\ioc_spain.ini
- %TEMP%\nsb13ba.tmp\ioc_russian.ini
- %TEMP%\nsb13ba.tmp\ioc_english.ini
- %TEMP%\nsb13ba.tmp\iob_spain.ini
- %TEMP%\nsb13ba.tmp\iod_spain.ini
- %TEMP%\nsb13ba.tmp\iob_russian.ini
- %WINDIR%\syswow64\nsg14c6.tmp
- %TEMP%\nsb13ba.tmp\system.dll
- %TEMP%\~1496.cmd
- %TEMP%\~1486.tmp
- %TEMP%\nsb13ba.tmp\access40.dll
- %TEMP%\nsb13ba.tmp\userinfo.dll
- %TEMP%\nsb13ba.tmp\iob_english.ini
- %TEMP%\nsb13ba.tmp\langdll.dll
- %TEMP%\~1486.tmp
- %TEMP%\~1496.cmd
- http://www.wi###tep.com/checknewversion/A21052050302A0675569657068674911fa
- DNS ASK wi###tep.com
- DNS ASK el####eyloggers.com
- ClassName: 'ThunderRT6FormDC' WindowName: 'Shareware Cheater v 3.0'
- ClassName: 'ThunderRT6FormDC' WindowName: ''
- ClassName: 'MS_WINHELP' WindowName: ''
- '%TEMP%\setup.exe' <Полный путь к файлу>
- '%WINDIR%\syswow64\cmd.exe' /c %TEMP%\~1496.cmd (со скрытым окном)
- '%WINDIR%\syswow64\cmd.exe' /c %TEMP%\~1496.cmd