Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\Irmon] 'Start' = '00000002'
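- %TEMP%\ДгХвёц»µµ°.exe (имя совпадает с байтами GBK строки «你这个坏蛋», прочитанными как CP1251; при поиске по индикаторам стоит учитывать оба варианта написания)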
- %WINDIR%\Temp\yang你这个坏蛋gpj.scr /S
- <SYSTEM32>\svchost.exe -k netsvcs
- <SYSTEM32>\cmd.exe /c ""<SYSTEM32>\check.bat" "
- <SYSTEM32>\rundll32.exe <SYSTEM32>\shimgvw.dll,ImageView_Fullscreen %WINDIR%\temp\yang你这个坏蛋crs.jpg
- <SYSTEM32>\mydat.dat
- <SYSTEM32>\Irmon32.dll
- %HOMEPATH%\Recent\Temp.lnk
- %TEMP%\WERaeb8.dir00\svchost.exe.mdmp
- %TEMP%\WERaeb8.dir00\manifest.txt
- %TEMP%\WERaeb8.dir00\appcompat.txt
- %TEMP%\WERaeb8.dir00\svchost.exe.hdmp
- %WINDIR%\Temp\yang你这个坏蛋crs.jpg
- %WINDIR%\Temp\yang你这个坏蛋gpj.scr
- %WINDIR%\Temp\你这个坏蛋.jpg
- %TEMP%\ДгХвёц»µµ°.exe (те же байты в GBK читаются как «你这个坏蛋.exe»)
- %HOMEPATH%\Recent\yang你这个坏蛋crs.lnk
- <SYSTEM32>\MyBmp.bmp
- <SYSTEM32>\check.bat
- %WINDIR%\Temp\yang你这个坏蛋gpj.scr
- ClassName: 'ShImgVw:CPreviewWnd' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''