Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'd2jsp' = '<SYSTEM32>\d2jsp.exe'
- '<SYSTEM32>\d2jsp.exe'
- '%TEMP%\RarSFX0\ventrilo-2.2.0-Windows-i386.exe'
- '%TEMP%\RarSFX0\rinst.exe'
- '<SYSTEM32>\msiexec.exe' /V
- '<SYSTEM32>\msiexec.exe' /I "%CommonProgramFiles%\Wise Installation Wizard\WIS789289CAF73A4A16A33154D498CE069F_2_2_0.MSI" WISE_SETUP_EXE_PATH="%TEMP%\RarSFX0\ventrilo-2.2.0-Windows-i386.exe"
- Библиотека-обработчик для всех процессов: <SYSTEM32>\d2jsphk.dll
- <SYSTEM32>\d2jspwb.dll
- <SYSTEM32>\inst.dat
- <SYSTEM32>\d2jsp.exe
- <SYSTEM32>\d2jsphk.dll
- %TEMP%\1c936.msi
- <SYSTEM32>\rinst.exe
- %CommonProgramFiles%\Wise Installation Wizard\WIS789289CAF73A4A16A33154D498CE069F_2_2_0.MSI
- %TEMP%\RarSFX0\d2jsphk.dll
- %TEMP%\RarSFX0\d2jspwb.dll
- %TEMP%\RarSFX0\pk.bin
- %TEMP%\RarSFX0\inst.dat
- %TEMP%\RarSFX0\ventrilo-2.2.0-Windows-i386.exe
- <SYSTEM32>\pk.bin
- %TEMP%\RarSFX0\d2jsp.exe
- %TEMP%\RarSFX0\rinst.exe
- %TEMP%\RarSFX0\d2jspwb.dll
- %TEMP%\RarSFX0\inst.dat
- %TEMP%\RarSFX0\rinst.exe
- %TEMP%\RarSFX0\pk.bin
- %TEMP%\RarSFX0\d2jsp.exe
- %TEMP%\RarSFX0\d2jsphk.dll
- <SYSTEM32>\rinst.exe в <SYSTEM32>\d2jspr.exe
- 'ft#.##merfilez.net':21
- DNS ASK ft#.##merfilez.net
- ClassName: 'NDDEAgnt' WindowName: 'NetDDE Agent'
- ClassName: '(null)' WindowName: 'PKL Window'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'