Техническая информация
- %ALLUSERSPROFILE%\Start Menu\Programs\Startup\°ІИ«јмІй.lnk
- <SYSTEM32>\IME\sykytht.exe
- <SYSTEM32>\wscript.exe "<SYSTEM32>\ime\sykytht.vbs"
- <SYSTEM32>\ping.exe -n 3 127.0
- <SYSTEM32>\xcopy.exe <SYSTEM32>\ime\°ІИ«јмІй.lnk "%ALLUSERSPROFILE%\Start Menu\Programs\Startup"
- <SYSTEM32>\cmd.exe /c <SYSTEM32>\ime\sykytht.bat
- <SYSTEM32>\cmd.exe /c %WINDIR%\temp\exqa.bat
- %WINDIR%\regedit.exe /s <SYSTEM32>\ime\therun.reg
- <SYSTEM32>\IME\sykytht.bat
- <SYSTEM32>\IME\sykytht.exe
- <SYSTEM32>\IME\sykytht.vbs
- %WINDIR%\Temp\exqa.bat
- <SYSTEM32>\IME\therun.reg
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\0D6B6PI5\360[1].rar
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\abc[1].htm
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\ULU3YH2D\sykytht[1].rar
- <SYSTEM32>\IME\°ІИ«јмІй.lnk
- 'www.qq###hong.net':80
- 'www.vs##o.com':80
- 'www.16#.com':80
- 'localhost':1040
- www.vs##o.com/file/sykytht.rar
- www.vs##o.com/360.rar
- www.qq###hong.net/abc.htm
- DNS ASK www.vs##o.com
- DNS ASK www.qq###hong.net
- DNS ASK www.16#.com
- ClassName: 'MS_WINHELP' WindowName: ''
- ClassName: 'RegEdit_RegEdit' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''