Техническая информация
- '%TEMP%\RarSFX0\yhan.exe'
- '<SYSTEM32>\ipconfig.exe' /all
- <SYSTEM32>\svchost.exe
- %WINDIR%\Explorer.EXE
- %TEMP%\RarSFX0\plus\fent.yhan
- %TEMP%\RarSFX0\plus\gsm.yhan
- %TEMP%\RarSFX0\plus\efmgr.yhan
- %TEMP%\RarSFX0\plus\ctk.yhan
- %TEMP%\RarSFX0\plus\dpro.yhan
- %TEMP%\RarSFX0\yhan.GIF
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\ip2city[1].asp
- %TEMP%\RarSFX0\main.gif
- %TEMP%\RarSFX0\plus\zo.yhan
- %TEMP%\RarSFX0\logo.gif
- %TEMP%\RarSFX0\plus\bri.yhan
- %TEMP%\RarSFX0\AntiShutDown.dll
- %TEMP%\RarSFX0\yhan.dll
- %TEMP%\RarSFX0\AntiFuck.dll
- %TEMP%\RarSFX0\更新说明.txt
- %TEMP%\RarSFX0\yhan.exe
- %TEMP%\RarSFX0\lib\krnln.fnr
- %TEMP%\RarSFX0\plus\ainf.yhan
- %TEMP%\RarSFX0\lib\iext.fnr
- %TEMP%\RarSFX0\plus\AntiShutdown.sys
- %TEMP%\RarSFX0\lib\eAPI.fne
- %TEMP%\RarSFX0\IG.exe
- %TEMP%\RarSFX0\yhan.exe в %TEMP%\RarSFX0\IG.exe
- 'www.ip##8.com':80
- 'localhost':1035
- www.ip##8.com/ip2city.asp
- DNS ASK www.ip##8.com
- ClassName: 'ToolbarWindow32' WindowName: ''
- ClassName: 'MSTaskSwWClass' WindowName: ''
- ClassName: 'SysPager' WindowName: ''
- ClassName: 'TrayNotifyWnd' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''
- ClassName: 'ReBarWindow32' WindowName: ''
- ClassName: 'Button' WindowName: ''