Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'wuauclt' = '<SYSTEM32>\wuauctl.exe'
- '<SYSTEM32>\msiexec.exe' /V
- '<SYSTEM32>\wuauctl.exe'
- '<SYSTEM32>\msiexec.exe' /i "<SYSTEM32>\mobireadersetup.msi"
- %TEMP%\~DFA243.tmp
- <SYSTEM32>\wuauctl.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\15-giai-tri[1]
- %TEMP%\23648.msi
- <SYSTEM32>\wuauctl.exe.nb5.tmp
- <SYSTEM32>\mobireadersetup.msi
- <SYSTEM32>\mobireadersetup.msi.nb5.tmp
- <SYSTEM32>\ATK.dll
- <SYSTEM32>\ATK.dll.nb5.tmp
- <SYSTEM32>\wuauctl.exe.nb5.tmp
- <SYSTEM32>\ATK.dll.nb5.tmp
- <SYSTEM32>\mobireadersetup.msi.nb5.tmp
- 'www.ca###cbo.org':80
- 'localhost':1036
- http://www.ca###cbo.org/forum/15-giai-tri
- DNS ASK www.ca###cbo.org
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''