Техническая информация
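- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{1C9753A5-4769-1B4E-0206-030702080403}] 'StubPath' = '<SYSTEM32>\svchost1.exe' (автозапуск через Active Setup: команда из StubPath выполняется при входе пользователя в систему; svchost1.exe не является штатным файлом Windows)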
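- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'wextract_cleanup0' = 'rundll32.exe <SYSTEM32>\advpack.dll,DelNodeRunDLL32 "%TEMP%\IXP000.TMP\"' (стандартная запись очистки самораспаковывающегося пакета IExpress (wextract): удаляет временный каталог IXP000.TMP при следующем входе в систему; сама по себе не является признаком заражения)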
- '%TEMP%\is-QUVJQ.tmp\is-7PVF6.tmp' /SL4 $80092 "%TEMP%\IXP000.TMP\Abylon Schredder.exe" 10899546 52736
- '%TEMP%\IXP000.TMP\Abylon Schredder.exe'
- '%TEMP%\IXP000.TMP\poi.exe'
- %WINDIR%\Explorer.EXE
- <LS_APPDATA>\Xenocode\Sandbox\1.0.0.0\2010.02.03T18.25\Virtual\XRegistry.tmp
- %TEMP%\is-J93A8.tmp\_isetup\_RegDLL.tmp
- %TEMP%\is-J93A8.tmp\_isetup\_shfoldr.dll
- %TEMP%\IXP000.TMP\poi.exe
- %TEMP%\IXP000.TMP\Abylon Schredder.exe
- %TEMP%\is-QUVJQ.tmp\is-7PVF6.tmp
- из <LS_APPDATA>\Xenocode\Sandbox\1.0.0.0\2010.02.03T18.25\Virtual\XRegistry.tmp в <LS_APPDATA>\Xenocode\Sandbox\1.0.0.0\2010.02.03T18.25\Virtual\XRegistry.bin
- 'ca####jim.myftp.org':3460
- DNS ASK ca####jim.myftp.org
- ClassName: 'Shell_TrayWnd' WindowName: ''