Техническая информация
- %TEMP%\nsi405b.tmp\system.dll
- %TEMP%\setup.exe
- %TEMP%\max2_133daohang4.exe
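- %HOMEPATH%\favorites\====Гøö·ö®¼ò====.url (имя файла, по-видимому, искажено из-за неверной кодировки; для точного сопоставления эта строка ненадёжна)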
- %TEMP%\nsn49fb.tmp
- %TEMP%\nsc49fc.tmp\inetload2.dll
- %ProgramFiles(x86)%\internet explorer\newiexplore.exe
- C:\launch internet explorer browser.lnk
- %WINDIR%\arefter.ini
- %TEMP%\deltemp.bat
- %TEMP%\nsi405b.tmp\system.dll
- C:\launch internet explorer browser.lnk
- %TEMP%\setup.exe
- %TEMP%\nsc49fc.tmp\inetload2.dll
- %APPDATA%\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
- 'mk.##xthon.cn':80
- http://mk.##xthon.cn/online_inst/data.ini
- http://mk.##xthon.cn/133daohang4/setup_133daohang4.exe
- DNS ASK mk.##xthon.cn
- ClassName: 'MS_WINHELP' WindowName: ''
- '%TEMP%\setup.exe'
- '%TEMP%\max2_133daohang4.exe'
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\DelTemp.bat" "' (со скрытым окном)
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\DelTemp.bat" "