Техническая информация
- '%WINDIR%\Temp\2013224132316.exe'
- '%WINDIR%\Temp\2013224132315.exe'
- <SYSTEM32>\WinIo.dll
- <SYSTEM32>\winio.vxd
- <SYSTEM32>\GroupPolicy\user\Scripts\script.ini
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\201969184201201023650946[1]
- %ALLUSERSPROFILE%\Application Data\Thunder Network\Down<Служебное имя>\pub_store.dat
- %WINDIR%\Temp\hknms.sys
- %WINDIR%\Temp\2013224132316.exe
- %WINDIR%\Temp\2013224132315.exe
- %WINDIR%\Temp\201210924625.exe
- <SYSTEM32>\GroupPolicy\gpt.ini
- %WINDIR%\Temp\svchost.exe
- %WINDIR%\Temp\lpk.dll
- %WINDIR%\Temp\hknms.sys
- %WINDIR%\Temp\hknms.sys
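- из <SYSTEM32>\GroupPolicy\user\Scripts\script.ini в <SYSTEM32>\GroupPolicy\user\Scripts\scripts.ini (имя меняется на scripts.ini — файл, в котором групповая политика хранит список сценариев входа и выхода пользователя)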
- 'xi#######211314.blog.163.com':80
- 'cl####.stat.xunlei.com':80
- 'fa#####uyes.f3322.org':1990
- xi#######211314.blog.163.com/blog/static/201969184201201023650946/
- DNS ASK xi#######211314.blog.163.com
- DNS ASK cl####.stat.xunlei.com
- DNS ASK fa#####uyes.f3322.org
- ClassName: 'Shell_TrayWnd' WindowName: ''