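Техническая информация
Ниже без подзаголовков перечислены артефакты: запись автозапуска в ветке реестра Run, пути файлов и командные строки процессов, сетевые адреса и запросы, классы окон (ClassName/WindowName). Символы # в имени узла и URL, по-видимому, являются маскировкой; повторы путей, вероятно, относятся к разным действиям с одним и тем же файлом.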
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '' = '%APPDATA%\WinService.exe'
- %APPDATA%\WinService.exe
- <SYSTEM32>\dumprep.exe 1508 -dm 7 7 "%TEMP%\WERcddc.dir00\explorer.exe.mdmp" 16325836412028192
- <SYSTEM32>\notepad.exe "%TEMP%\code.txt"
- %WINDIR%\Explorer.EXE
- ClassName: 'TibiaClient' WindowName: ''
- %APPDATA%\WinService.exe
- %APPDATA%\WinService.dll
- %TEMP%\winservice.exe
- %TEMP%\code.txt
- %APPDATA%\WinService.dll
- %APPDATA%\WinService.exe
- 'pr#####policy.home.kg':80
- pr#####policy.home.kg/~szybol/engine/autoupdate
- pr#####policy.home.kg/~szybol/engine/online.php?da###########################################
- DNS ASK pr#####policy.home.kg
- '<IP-адрес в локальной сети>':1034
- '<IP-адрес в локальной сети>':1033
- ClassName: 'Indicator' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''