Technical Information
- [<HKLM>\SYSTEM\ControlSet001\Services\aspnet_states] 'Start' = '00000002'
- '%WINDIR%\Temp\金盾防火墙V13[1].5.exe'
- '<SYSTEM32>\lyxrym.exe'
- '%WINDIR%\Temp\V8-服务器版.exe'
- C:\Far2\lpk.dll
- <Current directory>\lpk.dll
- %CommonProgramFiles%\Microsoft Shared\DW\lpk.dll
- %CommonProgramFiles%\Microsoft Shared\Speech\lpk.dll
- %CommonProgramFiles%\Microsoft Shared\MSInfo\lpk.dll
- %WINDIR%\Temp\金盾防火墙V13[1].5.exe
- %WINDIR%\Temp\V8-服务器版.exe
- <SYSTEM32>\lyxrym.exe
- C:\RCX2.tmp
- <SYSTEM32>\gei33.dll
- %CommonProgramFiles%\Microsoft Shared\MSInfo\lpk.dll
- %CommonProgramFiles%\Microsoft Shared\Speech\lpk.dll
- %CommonProgramFiles%\Microsoft Shared\DW\lpk.dll
- <Current directory>\lpk.dll
- C:\Far2\lpk.dll
- <SYSTEM32>\gei33.dll
- from C:\RCX2.tmp to <SYSTEM32>\gei33.dll
- from %WINDIR%\Temp\V8-服务器版.exe to %TEMP%\SOFTWARE.LOG
- '88##.#g2014wg.com':8871
- DNS ASK 88##.#g2014wg.com
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'