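Техническая информация
Подзаголовки разделов в этом фрагменте не сохранились. Ниже по порядку идут: значения автозапуска в реестре, пути к файлам и имена процессов, сетевые обращения, классы и заголовки окон (по-видимому, окна, которые ищет образец).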
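- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '<DRIVERS>\etc\rundll32.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] 'MsAudio' = '<SYSTEM32>\explorer.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run] 'MsAudio' = '%WINDIR%\winlogon.exe'
Примечание: все три значения находятся в точках автозапуска Windows. Указанные пути не совпадают со штатным расположением одноимённых системных файлов (rundll32.exe и winlogon.exe штатно лежат в <SYSTEM32>, explorer.exe — в %WINDIR%). Такое несовпадение пути и имени — признак маскировки, и его стоит проверять при разборе автозапуска.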
- %WINDIR%\winlogon.exe
- wow.exe
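- <SYSTEM32>\msconfig.com
- <SYSTEM32>\cmd.com
- <SYSTEM32>\dxdiag.com
- <SYSTEM32>\regedit.com
Примечание: эти файлы носят имена штатных утилит, но имеют расширение .com. При стандартном значении PATHEXT расширение .COM проверяется раньше .EXE, поэтому запуск утилиты по имени без расширения может привести к выполнению такого файла. Наличие в <SYSTEM32> одноимённых .com-файлов рядом с системными .exe следует считать индикатором заражения.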
- %WINDIR%\winlogon.exe
- <SYSTEM32>\explorer.exe
- <DRIVERS>\etc\rundll32.exe
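- 'www.si##sea.com':80
- www.si##sea.com/images/zczc3.gif
- DNS ASK www.si##sea.com
Примечание: символы ## в имени домена, по-видимому, означают, что часть адреса скрыта источником. Полное имя домена на странице не приводится, поэтому для сетевых правил эти строки годятся только как шаблон (порт 80, путь /images/zczc3.gif).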
- ClassName: 'GxWindowClassD3d' WindowName: ''
- ClassName: 'D3D Window' WindowName: 'YB_OnlineClient'
- ClassName: '#32770' WindowName: ''
- ClassName: 'WSGAME' WindowName: ''
- ClassName: 'IEFrame' WindowName: ''
- ClassName: 'zhengtu_client' WindowName: ''
- ClassName: 'OWL_Window' WindowName: ''
- ClassName: '' WindowName: 'WPE PRO'
- ClassName: '' WindowName: 'eXpLoRer'
- ClassName: '' WindowName: 'WinHex'
- ClassName: 'TSpyMain' WindowName: ''
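- ClassName: 'TForm1' WindowName: '???????????? ??????(??????)' (исходные символы заголовка окна, вероятно не-ASCII, утрачены при перекодировке и по этой странице не восстанавливаются)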
- ClassName: 'TFormMain' WindowName: 'Visual Sniffer'