Technical information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Sysnetxx' = 'rundll32.exe "<LS_APPDATA>\HpComms90\Sysnetxx.dll",SystemHelpOffice CdCommspnp'
- %TEMP%\is-PGSNT.tmp\super-email-extractor-4.20.tmp /SL5="$300CE,977679,54272,%TEMP%\super-email-extractor-4.20.exe"
- %TEMP%\super-email-extractor-4.20.exe
- <SYSTEM32>\rundll32.exe "<LS_APPDATA>\HpComms90\Sysnetxx.dll",SystemHelpOffice CdCommspnp
- <SYSTEM32>\rundll32.exe "%TEMP%\dbWIPort.dll", SystemHelpOffice eventMainclass
- %TEMP%\super-email-extractor-4.20.log
- %TEMP%\is-MNO7U.tmp\_isetup\_shfoldr.dll
- <LS_APPDATA>\HpComms90\Sysnetxx.dll
- %TEMP%\dbWIPort.dll
- %TEMP%\nsw2.tmp\NSISdl.dll
- %TEMP%\super-email-extractor-4.20.exe
- %TEMP%\is-MNO7U.tmp\_isetup\_RegDLL.tmp
- %TEMP%\is-PGSNT.tmp\super-email-extractor-4.20.tmp
- %TEMP%\nsw2.tmp\NSISdl.dll
- %TEMP%\dbWIPort.dll
- 'st##rs.info':80
- st##rs.info/st/stin.php?sf#######################################
- DNS ASK st##rs.info
- '<IP address on the local network>':1035
- ClassName: 'Indicator' WindowName: ''
- ClassName: 'DesktopUser80' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''