Техническая информация
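- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'wextract_cleanup0' = 'rundll32.exe <SYSTEM32>\advpack.dll,DelNodeRunDLL32 "%TEMP%\IXP000.TMP\"'
  (Примечание: параметр 'wextract_cleanup0' — штатная запись самораспаковывающегося архива IExpress (wextract), которая удаляет временный каталог IXP000.TMP при следующем входе в систему. Такую же запись создают и легитимные установщики, поэтому сама по себе она не является механизмом закрепления и как индикатор слаба.)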
- %TEMP%\Style_Facebook.exe
- %TEMP%\layoutsexpress.exe
- %TEMP%\IXP000.TMP\LAYOUT~1.EXE
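- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\get_pre_offering_checks[1].0&affid=layoutsexpress&sid=layoutsexpress2
  (Примечание: имя подкаталога кэша Content.IE5 — здесь KHMHGZ4F — генерируется случайно и на каждой системе своё; при поиске следует опираться на имя файла, а не на полный путь.)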
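- %TEMP%\nsp3.tmp\inetc.dll
  (Примечание: каталоги и файлы вида ns*.tmp — временные объекты установщика NSIS, в которые распаковываются его подключаемые модули. Имена nsp3.tmp и nsd2.tmp, по-видимому, формируются при каждом запуске заново, поэтому в правилах обнаружения их лучше задавать маской, а не точным значением.)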
- %TEMP%\nsp3.tmp\Banner.dll
- %TEMP%\binsischeck654.xml
- %TEMP%\nsp3.tmp\layoutsexpress.rtf
- %TEMP%\nsp3.tmp\nsDialogs.dll
- %TEMP%\nsp3.tmp\xml.dll
- %TEMP%\Style_Facebook.exe
- %TEMP%\layoutsexpress.exe
- %TEMP%\IXP000.TMP\LAYOUT~1.EXE
- %TEMP%\nsd2.tmp
- %TEMP%\nsp3.tmp\modern-header.bmp
- %TEMP%\nsp3.tmp\NSISdl.dll
- %TEMP%\nsp3.tmp\System.dll
- %TEMP%\IXP000.TMP\LAYOUT~1.EXE
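- 'in######r.filebulldog.com':80
- in######r.filebulldog.com/binsis/get_pre_offering_checks?ui###################################################################################
- DNS ASK in######r.filebulldog.com
- DNS ASK tr###.zugo.com
  (Примечание: символ «#» в имени узла недопустим — судя по всему, им в отчёте замаскирована часть имён и строки запроса. Для сопоставления с журналами DNS и прокси-сервера пригодны только видимые части: домены filebulldog.com и zugo.com, путь /binsis/get_pre_offering_checks.)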
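- ClassName: '#32770' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
  (Примечание: '#32770' — стандартный класс диалоговых окон Windows, 'Shell_TrayWnd' — класс окна панели задач. Оба присутствуют в любой системе и сами по себе индикаторами компрометации не служат.)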