Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\AudioSrv] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\AliIM] 'Start' = '00000002'
- %CommonProgramFiles%\Office11\AliIM.exe
- %CommonProgramFiles%\Office11\WangWang.exe
- <SYSTEM32>\sc.exe create AliIM binpath= "%CommonProgramFiles%\Office11\WangWang.exe" start= auto displayname= "AliWangWang Protect"
- <SYSTEM32>\sc.exe start AliIM
- <SYSTEM32>\wscript.exe "%CommonProgramFiles%\Office11\1.vbs"
- <SYSTEM32>\sc.exe delete AliIM
- %WINDIR%\Temp\mgbqqcsllx.log
- <SYSTEM32>\bldqiefpj
- <SYSTEM32>\rkqkelnhpc
- <SYSTEM32>\51e92691.rdb
- %CommonProgramFiles%\Office11\1.vbs
- %CommonProgramFiles%\Office11\1.bat
- %CommonProgramFiles%\Office11\WangWang.exe
- %CommonProgramFiles%\Office11\AliIM.exe
- <SYSTEM32>\rkqkelnhpc
- %CommonProgramFiles%\Office11\1.vbs
- <SYSTEM32>\bldqiefpj
- %WINDIR%\Temp\mgbqqcsllx.log в %PROGRAM_FILES%\NetMeeting\iegte.lnk
- 'da####ot.3322.org':278
- DNS ASK da####ot.3322.org
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''