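Техническая информация
Ниже индикаторы перечислены в том порядке, в каком они приведены на странице: изменённые значения реестра (автозапуск через Active Setup 'StubPath' и Winlogon 'Userinit'), запускаемые процессы и затрагиваемые файлы, сетевые адреса с портом, DNS-запросы, классы окон. Заголовки подразделов, судя по всему, не сохранились, поэтому повторяющиеся пути к файлам, по-видимому, относятся к разным действиям (например, запуск, создание, удаление) — это предположение, а не сведения из текста. Символы «#» в именах хостов — маска, часть имени скрыта; для точного сопоставления пригодны только домен en0so1ck11go.com и порт 8888.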
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{0078EAF2-030A-466e-8DFA-C3BFE662E028}] 'StubPath' = 'wscript.exe "C:\intel\cc.js"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = 'c:\cache\iexplorer.exe,<SYSTEM32>\userinit.exe,'
- %TEMP%\RarSFX0\update.exe
- %WINDIR%\regedit.exe /s 11.reg
- <SYSTEM32>\wscript.exe "%TEMP%\RarSFX0\once.js"
- C:\intel\iexplorer.exe
- %TEMP%\RarSFX0\update.exe
- C:\cache\iexplorer.exe
- C:\intel\cc.js
- C:\intel\cc.bat
- %TEMP%\RarSFX0\cc.bat
- %TEMP%\RarSFX0\11.reg
- %TEMP%\RarSFX0\cc.js
- %TEMP%\RarSFX0\once.js
- %TEMP%\RarSFX0\once.bat
- %TEMP%\RarSFX0\once.bat
- %TEMP%\RarSFX0\once.js
- %TEMP%\RarSFX0\update.exe
- %TEMP%\RarSFX0\11.reg
- %TEMP%\RarSFX0\cc.bat
- %TEMP%\RarSFX0\cc.js
- 's5######.en0so1ck11go.com':8888
- 'c0######.en0so1ck11go.com':8888
- 'sh######5.en0so1ck11go.com':8888
- 'sk######3.en0so1ck11go.com':8888
- 'pr######.en0so1ck11go.com':8888
- DNS ASK s5######.en0so1ck11go.com
- DNS ASK c0######.en0so1ck11go.com
- DNS ASK sh######5.en0so1ck11go.com
- DNS ASK sk######3.en0so1ck11go.com
- DNS ASK pr######.en0so1ck11go.com
- ClassName: 'RegEdit_RegEdit' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''