Техническая информация
- %TEMP%\SetUp.exe
- %WINDIR%\sMss.exe
- %TEMP%\iwokmssvwr.exe
- %TEMP%\SetUp.exe (загружен из сети Интернет)
- <SYSTEM32>\cmd.exe /c %TEMP%\7056.bat
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\Server.exe-crypted[1].exe
- %TEMP%\SetUp.exe
- %TEMP%\7056.bat
- %WINDIR%\sMss.exe
- %TEMP%\clopjgfiuy.wav
- %TEMP%\iwokmssvwr.exe
- %WINDIR%\sMss.exe
- %TEMP%\~DF8B9.tmp
- %TEMP%\~DFF09C.tmp
- %TEMP%\~DFBD83.tmp
- 'h1.##pway.com':80
- 'localhost':1037
- h1.##pway.com/neew/Server.exe-crypted.exe
- DNS ASK h1.##pway.com
- ClassName: 'WMP9DeskBand' WindowName: 'WMP9DeskBand'
- ClassName: 'ReBarWindow32' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''