Техническая информация
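Запись автозапуска в реестре (имя alg.exe совпадает с именем штатной службы Windows, файл которой находится в <SYSTEM32>, а не в %WINDIR%\system):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'alg.exe' = '%WINDIR%\system\alg.exe'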
Командные строки запускаемых процессов:
- '%WINDIR%\system\Rar.exe' e -y "%WINDIR%\system\IJL15.RAR" "%WINDIR%\system\"
- '%WINDIR%\system\alg.exe' -x
- '<SYSTEM32>\cmd.exe' /c %WINDIR%\system\unroar.bat
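Пути файлов, затронутых в файловой системе (часть путей повторяется; по-видимому, подзаголовки исходного отчёта, различавшие операции с файлами, не сохранились):
- %WINDIR%\system\IJL15.DLL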
- %WINDIR%\system\unroar.bat
- %WINDIR%\system\IJL15.RAR
- %WINDIR%\system\MXf198.html
- %WINDIR%\system\Firstrun.jpg
- %WINDIR%\system\Winstart.bmp
- %WINDIR%\system\Rar.exe
- %WINDIR%\system\Dbginf.txt
- %WINDIR%\tmp.txt
- %WINDIR%\system\MSMOUSE.DLL
- %WINDIR%\system\ic1.ico
- %WINDIR%\system\alg.exe
- %WINDIR%\system\Rar.exe
- %WINDIR%\system\IJL15.DLL
- %WINDIR%\system\MSMOUSE.DLL
- %WINDIR%\system\Dbginf.txt
- %WINDIR%\system\alg.exe
- %WINDIR%\system\unroar.bat
- %WINDIR%\system\IJL15.RAR
- %WINDIR%\system\Winstart.bmp
- %WINDIR%\tmp.txt
- %WINDIR%\system\ic1.ico
- %TEMP%\~DF50B.tmp
Классы и заголовки окон:
- ClassName: 'MS_AutodialMonitor' WindowName: '(null)'
- ClassName: 'MS_WebcheckMonitor' WindowName: '(null)'
- ClassName: '' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'