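Техническая информация
Список ниже содержит разнородные элементы: запись реестра, командную строку, пути к файлам, сетевые узлы с портами, URL-адреса и DNS-запросы.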
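- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{455624D9-6797-716E-2A9A-9313ADEF575F}] 'stubpath' = ''
- <SYSTEM32>\reg.exe delete "HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\{455624D9-6797-716E-2A9A-9313ADEF575F}" /f
(Оба пункта относятся к одному и тому же GUID компонента Active Setup: в первом указан параметр 'stubpath' в ветке HKLM, во втором — удаление одноимённого ключа в ветке HKCU. Значение 'stubpath' в этом списке пустое; при проверке системы следует смотреть фактическое значение в реестре.)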
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\6cb9d3a0b1db08dd14329b4d[1]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\main_hot1[1].jpg
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\b46b81a13437645a6fd45589[1]
- <SYSTEM32>\V3Medic.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\blog_af5f75a301015gge[1].html
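(Символы «#» в именах узлов здесь и ниже, по-видимому, заменяют скрытые символы, поэтому для правил блокировки или поиска по журналам эти строки нельзя использовать как точные имена доменов.)
- 'www.in##060.com':80
- 'hi.##idu.com':80
- 'bl##.#ina.com.cn':80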
- hi.##idu.com/opaoxf2/item/6cb9d3a0b1db08dd14329b4d
- www.in##060.com/images/main_hot1.jpg
- bl##.#ina.com.cn/s/blog_af5f75a301015gge.html
- hi.##idu.com/opaoxf1/item/b46b81a13437645a6fd45589
- DNS ASK www.in##060.com
- DNS ASK hi.##idu.com
- DNS ASK bl##.#ina.com.cn