Техническая информация
- %HOMEPATH%\Start Menu\Programs\Startup\alires.exe
- %HOMEPATH%\Start Menu\Programs\Startup\ProDowloader.exe
- %HOMEPATH%\Start Menu\Programs\Startup\cript.exe
- '%TEMP%\ProDowloader.exe'
- '%TEMP%\d70KLrQfgdEMhtVoyEiV7.exe'
- '%TEMP%\ccsetup411.exe'
- '%TEMP%\cript.exe'
- '%TEMP%\d70KLrQfgdEMhtVoyEiV7.exe' (загружен из сети Интернет)
- %TEMP%\nsa5.tmp\g\gcombo\combo-offer.png
- %TEMP%\nsa5.tmp\g\pfWWW.dll
- %TEMP%\nsa5.tmp\g\gcombo\ComboOffer.html
- %TEMP%\nsa5.tmp\g\gtapi_signed.dll
- %TEMP%\nsa5.tmp\g\gcapi_dll.dll
- %TEMP%\nsa5.tmp\nsDialogs.dll
- %TEMP%\d70KLrQfgdEMhtVoyEiV7.exe
- %TEMP%\nsa5.tmp\ButtonEvent.dll
- %TEMP%\nsa5.tmp\modern-header.bmp
- %TEMP%\nsa5.tmp\modern-wizard.bmp
- %TEMP%\nsa5.tmp\UserInfo.dll
- %TEMP%\ccsetup411.exe
- %TEMP%\nsz4.tmp
- %TEMP%\aut2.tmp
- %TEMP%\aut1.tmp
- %TEMP%\cript.exe
- %TEMP%\aut7.tmp
- %TEMP%\HVMRuntm.dll
- %TEMP%\ProDowloader.exe
- %TEMP%\nsa5.tmp\System.dll
- %TEMP%\aut6.tmp
- %TEMP%\aut6.tmp
- %TEMP%\aut7.tmp
- %TEMP%\aut1.tmp
- %TEMP%\aut2.tmp
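- 'ar.##host.net':80 (символы «#» в именах хостов здесь и ниже, по-видимому, — маскировка, применённая источником; для блокировки или поиска по журналам нужны полные имена, которых на странице нет)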
- 'wp#d':80
- ar.##host.net/download/57639427/640164dfd6f04c738cd210fe9eecadd15b193c68/Server.exe
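- wp#d/wpad.dat (запрос wpad.dat похож на стандартное автообнаружение прокси Windows (WPAD); вероятно, это фоновая активность системы, а не индикатор, специфичный для образца)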
- DNS ASK ar.##host.net
- DNS ASK wp#d
- ClassName: '#32770' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''