Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\winconfig] 'Start' = '00000002'
- '<SYSTEM32>\winconfig.exe'
- '%TEMP%\RarSFX0\winconfig.exe'
- %WINDIR%\Explorer.EXE
- <SYSTEM32>\connect.dll
- <SYSTEM32>\connect.cab
- <SYSTEM32>\hidefiledll.dll
- <SYSTEM32>\HideFileDll.cab
- %TEMP%\RarSFX0\liss.ini
- %TEMP%\RarSFX0\winconfig.exe
- <SYSTEM32>\liss.ini
- <SYSTEM32>\winconfig.exe
- <SYSTEM32>\winsocks.dll
- <SYSTEM32>\advatmp.dll
- <SYSTEM32>\winconfig.exe
- <SYSTEM32>\liss.ini
- %TEMP%\RarSFX0\liss.ini
- %TEMP%\RarSFX0\winconfig.exe
- <SYSTEM32>\connect.cab
- <SYSTEM32>\HideFileDll.cab
- <SYSTEM32>\hidefiledll.dll в <SYSTEM32>\advatmp.dll
- <SYSTEM32>\connect.dll в <SYSTEM32>\winsocks.dll
- 'we#####.hinet2010.com':443
- DNS ASK we#####.hinet2010.com
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''