Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'setup' = '%PROGRAM_FILES%\Eeyou\Nutux.exe /setup /{1D4447A0-74CE-49C6-9F8D-07E0E42315E0}'
- '%TEMP%\g81\setup.exe'
- %PROGRAM_FILES%\Eeyou\lazsea\rascens.dll
- %PROGRAM_FILES%\Eeyou\lazsea\pat.xml
- %CommonProgramFiles%\System\Ole DB\MSPat.xml
- %PROGRAM_FILES%\Eeyou\lomnos.exe
- %TEMP%\g81\setup.ini
- %TEMP%\g81\gTemp.dat
- %PROGRAM_FILES%\Eeyou\dalones.exe
- %TEMP%\g81\jTemp.dat
- %PROGRAM_FILES%\Eeyou\dalones.exe в %PROGRAM_FILES%\Eeyou\Nutux.exe
- %PROGRAM_FILES%\Eeyou\lomnos.exe в %PROGRAM_FILES%\Eeyou\Taao.exe
- %TEMP%\g81\gTemp.dat в %TEMP%\g81\setup.exe
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''