Техническая информация
- '%PROGRAM_FILES%\Internet Explorer\iexplore.exe' http://www.yy.com/113500
- '<SYSTEM32>\WScript.exe' "<SYSTEM32>\kd.vbs"
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\23BUYPX5\errorPageStrings[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\UEWNTWLX\NewErrorPageTemplate[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\YIF7DGLM\dnserror[1]
- <LS_APPDATA>\Microsoft\Internet Explorer\imagestore\g1bfg6d\imagestore.dat
- %APPDATA%\Roaming\Microsoft\Protect\S-1-5-21-2832440558-3064306045-1455513625-1000\02aeb62c-ef68-465a-b4bd-21bb12d3a9a3
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\3U23MFC9\httpErrorPagesScripts[1]
- %TEMP%\~DF85C912B61B027552.TMP
- %TEMP%\~DFC176D19B430EBB0F.TMP
- <LS_APPDATA>\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{797766BF-D4EC-11E4-8F79-E001A4B4E4F2}.dat
- <SYSTEM32>\kd.vbs
- <LS_APPDATA>\Microsoft\Internet Explorer\Recovery\High\Active\{867E4E9E-D4EC-11E4-8F79-E001A4B4E4F2}.dat
- %TEMP%\~DF3282745243FACB11.TMP
- <LS_APPDATA>\Microsoft\Internet Explorer\Recovery\High\Active\{797766C1-D4EC-11E4-8F79-E001A4B4E4F2}.dat
- DNS ASK ie#####t.microsoft.com
- DNS ASK ie#####e.microsoft.com
- DNS ASK dn#.##ftncsi.com
- DNS ASK go.###rosoft.com
- DNS ASK www.yy.com
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebCheckMonitor' WindowName: ''
- ClassName: 'EDIT' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''