Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'cftvcn' = '%HOMEPATH%\AppData\Local\VirtualStore\mxtswkc.exe'
- '%HOMEPATH%\AppData\Local\VirtualStore\iexplore.exe'
- '%HOMEPATH%\AppData\Local\VirtualStore\mxtswkc.exe' 1
- iexplore.exe
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\KHMHGZ4F\88888888[1].html
- %HOMEPATH%\AppData\Local\VirtualStore\iexplore.exe
- %HOMEPATH%\AppData\Local\VirtualStore\mxtswkc.exe
- 'www.15###_90_32.com':80
- '19#.#4.113.108':80
- '20#.#6.232.182':80
- http://www.15###_90_32.com/root/RedGirl/ip/88888888.html
- http://19#.#4.113.108/root/RedGirl/ip/88888888.html
- DNS ASK www.15###_90_32.com
- DNS ASK www.microsoft.com