Техническая информация
- '<SYSTEM32>\wbem\wmiadap.exe' /R /T
- %HOMEPATH%\Start Menu\Programs\·Е·ЕУ°КУ\Website.lnk
- %PROGRAM_FILES%\ffdy\·Е·ЕУ°КУ1233.url
- %HOMEPATH%\Desktop\·Е·ЕУ°КУ.lnk
- %TEMP%\nso2.tmp\1744904
- %PROGRAM_FILES%\ffdy\uninst.exe
- %HOMEPATH%\Start Menu\Programs\·Е·ЕУ°КУ\Uninstall.lnk
- %HOMEPATH%\Start Menu\Programs\·Е·ЕУ°КУ\·Е·ЕУ°КУ.lnk
- %TEMP%\nso2.tmp\Inetc.dll
- %TEMP%\nso2.tmp\FindProcDLL.dll
- %TEMP%\nso2.tmp\System.dll
- %PROGRAM_FILES%\ffdy\play.exe
- %PROGRAM_FILES%\ffdy\install.log
- %TEMP%\nso2.tmp\config.ini
- %TEMP%\nso2.tmp\System.dll
- <SYSTEM32>\wbem\Performance\WmiApRpl.ini
- <SYSTEM32>\PerfStringBackup.TMP
- %TEMP%\nso2.tmp\Inetc.dll
- %TEMP%\nso2.tmp\1744904
- %TEMP%\nso2.tmp\config.ini
- %TEMP%\nso2.tmp\FindProcDLL.dll
- 'pa####.passedexam.com':80
- 'ji####ou.hbweb.org':80
- ji####ou.hbweb.org/other.txt
- pa####.passedexam.com/ffdypost.txt
- DNS ASK pa####.passedexam.com
- DNS ASK ji####ou.hbweb.org
- ClassName: 'Shell_TrayWnd' WindowName: ''