Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\OSEvent] 'Start' = '00000002'
- <SYSTEM32>\s.exe
- <SYSTEM32>\tmp.exe
- <SYSTEM32>\s.exe -i
- <SYSTEM32>\s.exe -s
- %WINDIR%\Temp\Temporary Internet Files\Content.IE5\CTD6MHA1\desktop.ini
- %WINDIR%\Temp\Temporary Internet Files\Content.IE5\2XI7OL2J\desktop.ini
- %WINDIR%\Temp\Temporary Internet Files\Content.IE5\desktop.ini
- %WINDIR%\Temp\History\History.IE5\desktop.ini
- %WINDIR%\Temp\Temporary Internet Files\Content.IE5\CDNLJ8XV\desktop.ini
- %WINDIR%\Temp\Temporary Internet Files\Content.IE5\W16VC1QZ\desktop.ini
- %TEMP%\zy7\s.exe
- %TEMP%\zy7\s.exe.tmp
- %TEMP%\zy7\2.tmp
- %TEMP%\zy7\_uninstall
- %TEMP%\zy7\tmp.exe
- %TEMP%\zy7\tmp.exe.tmp
- %WINDIR%\Temp\Temporary Internet Files\Content.IE5\W16VC1QZ\desktop.ini
- %WINDIR%\Temp\Temporary Internet Files\Content.IE5\CDNLJ8XV\desktop.ini
- %WINDIR%\Temp\History\History.IE5\desktop.ini
- %WINDIR%\Temp\Temporary Internet Files\Content.IE5\desktop.ini
- %WINDIR%\Temp\Temporary Internet Files\Content.IE5\2XI7OL2J\desktop.ini
- %WINDIR%\Temp\Temporary Internet Files\Content.IE5\CTD6MHA1\desktop.ini
- %TEMP%\zy7\2.tmp
- %TEMP%\zy7\_uninstall
- %TEMP%\zy7\s.exe.tmp
- %TEMP%\zy7\tmp.exe.tmp