Техническая информация
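- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{C0000001-39F5-445d-8901-D1ECB71D51F1}] 'StubPath' = '%WINDIR%\msapps\Info.exe' (Active Setup: команда из 'StubPath' выполняется при входе пользователя в систему)
- [<HKLM>\SYSTEM\ControlSet001\Services\clr_optimization_v1.0.51737_32] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы)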
- %PROGRAM_FILES%\Microsoft ActiveSync\ActiveSync.exe /SA
- <SYSTEM32>\mui\svchost.exe /SS (штатный svchost.exe находится непосредственно в <SYSTEM32>, а не в подкаталоге mui)
- %WINDIR%\msapps\Info.exe /ISA
- %WINDIR%\Microsoft.NET\Framework\v1.0.51737\mscorsvw.exe /ISS
- %WINDIR%\Explorer.EXE
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\default[1].aspx
- <SYSTEM32>\httpnt51.dll
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\default[1].aspx
- <SYSTEM32>\mui\svchost.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\index[1].jpg
- %WINDIR%\msapps\Info.exe
- %WINDIR%\Prairie Wind.bmp.bak
- %WINDIR%\wmsetup.log.bat
- %PROGRAM_FILES%\Microsoft ActiveSync\ActiveSync.exe
- %WINDIR%\Microsoft.NET\Framework\v1.0.51737\mscorsvw.exe
- <SYSTEM32>\httpnt51.dll
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\default[1].aspx
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\default[1].aspx
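Сетевые индикаторы ниже частично скрыты: символы «#» заменяют отдельные знаки в именах узлов и IP-адресе, поэтому записи нельзя использовать как точные значения для блокировки или поиска в журналах.
- 'www.un###x-us.com':80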
- '20#.#6.232.182':80
- www.un###x-us.com/news1/index.jpg
- 20#.#6.232.182/microsoftupdate/v6/default.aspx
- DNS ASK www.un###x-us.com
- DNS ASK up####.microsoft.com