Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\IPRIP] 'Start' = '00000002'
- '%PROGRAM_FILES%\Office\Office.exe' /i
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\delme.bat" "
- C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\5YNEITMB\desktop.ini
- %TEMP%\delme.bat
- C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\8BR394BO\desktop.ini
- C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\SL6BKXUR\desktop.ini
- C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\DTIAECGB\desktop.ini
- %PROGRAM_FILES%\Office\Office.ini
- %PROGRAM_FILES%\Office\Office.dat
- %PROGRAM_FILES%\Office\Office.exe
- <DRIVERS>\Restore.sys
- %PROGRAM_FILES%\Office\Install.dll
- C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\DTIAECGB\desktop.ini
- C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\SL6BKXUR\desktop.ini
- C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\5YNEITMB\desktop.ini
- C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\8BR394BO\desktop.ini
- <DRIVERS>\Restore.sys
- %PROGRAM_FILES%\Office\Office.dat
- 'wf###.3322.org':2000
- 'localhost':1037
- DNS ASK wf###.3322.org