Техническая информация
- %WINDIR%\Getphp.exe
- %WINDIR%\ballon.exe
- %WINDIR%\Getphp.exe (загружен из сети Интернет)
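- <SYSTEM32>\regsvr32.exe /s %WINDIR%\LoadHtml.txt (ключ /s — запуск без вывода сообщений; regsvr32 загружает указанный файл как DLL независимо от расширения, поэтому файлы LoadHtml.txt, LoadJava.txt и LoadAjax.txt следует рассматривать как исполняемые библиотеки, а не как текст)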
- <SYSTEM32>\regsvr32.exe /s %WINDIR%\LoadJava.txt
- <SYSTEM32>\regsvr32.exe /s %WINDIR%\LoadAjax.txt
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\Html[1].txt
- %WINDIR%\LoadJava.txt
- %WINDIR%\LoadHtml.txt
- %WINDIR%\Getphp.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\Exec[1].bmp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\Java[1].txt
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\dados[1].txt
- %WINDIR%\ballon.exe
- <SYSTEM32>\WinUdp.cap
- %WINDIR%\LoadAjax.txt
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\Ajax[1].txt
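- 'www.fi##den.com':80 (символы «##» здесь и ниже — по-видимому, маскировка части имени домена в отчёте; в таком виде строка не годится для точного сопоставления с журналами DNS и прокси)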
- 'localhost':1035
- www.fi##den.com/files/2009/8/4/2533069/Html.txt
- www.fi##den.com/files/2009/8/4/2533069/Exec.bmp
- www.fi##den.com/files/2009/8/4/2533069/Java.txt
- www.fi##den.com/files/2009/8/4/2533069/dados.txt
- www.fi##den.com/files/2009/8/4/2533069/Ajax.txt
- DNS ASK www.fi##den.com
- ClassName: 'Shell_TrayWnd' WindowName: '' (Shell_TrayWnd — класс окна панели задач Windows)