Техническая информация
- %TEMP%\RarSFX0\in.exe "http://c.####downs.info/soft/36a.exe"
- %WINDIR%\1_YoudaoDict_zhusha_quantui_001.exe
- %TEMP%\RarSFX0\in.exe "http://c.####downs.info/soft/tb.exe"
- %WINDIR%\1_36a.exe
- %TEMP%\RarSFX0\in.exe "http://12#.#1.118.205/pc5566.exe"
- %WINDIR%\1_pc5566.exe
- %TEMP%\RarSFX0\in.exe "http://c.####downs.info/soft/YoudaoDict_zhusha_quantui_001.exe"
- %WINDIR%\1_pc5566.exe (загружен из сети Интернет)
- %WINDIR%\1_36a.exe (загружен из сети Интернет)
- %WINDIR%\1_YoudaoDict_zhusha_quantui_001.exe (загружен из сети Интернет)
- %WINDIR%\1_YoudaoDict_zhusha_quantui_001.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\36a[1].exe
- %WINDIR%\1_36a.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\YoudaoDict_zhusha_quantui_001[1].exe
- %TEMP%\RarSFX0\in.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\pc5566[1].exe
- %WINDIR%\1_pc5566.exe
- 'c.####downs.info':80
- 'localhost':1040
- 'localhost':1037
- 'localhost':1035
- '12#.#1.118.205':80
- c.####downs.info/soft/36a.exe
- c.####downs.info/soft/YoudaoDict_zhusha_quantui_001.exe
- 12#.#1.118.205/pc5566.exe
- DNS ASK c.####downs.info
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''