Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Windows Power' = '%WINDIR% Temp\winitb.exe'
- '%WINDIR% Temp\winitb.exe' (загружен из сети Интернет)
- '%WINDIR% Temp\winitb.exe'
- %WINDIR% Temp\winitb.exe
- 'www.71##000.cn':80
- 'www.jj##c9.cn':80
- 'localhost':1037
- http://www.71##000.cn/b/QQ%D1%86%C2%A6%D1%94%D0%95%D0%99%D0%BA%D0%97%D0%BB%D2%91%D1%83%D0%9A%C2%A6.html
- http://www.jj##c9.cn/b/winitb.exe
- DNS ASK www.71##000.cn
- DNS ASK www.jj##c9.cn
- ClassName: 'SysDateTimePick32' WindowName: ''
- ClassName: 'SysIPAddress32' WindowName: ''
- ClassName: 'SysTreeView32' WindowName: ''
- ClassName: 'msctls_updown32' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'SysHeader32' WindowName: ''
- ClassName: 'ComboBox' WindowName: ''
- ClassName: 'Edit' WindowName: ''
- ClassName: 'BUTTON' WindowName: ''
- ClassName: 'msctls_trackbar32' WindowName: ''
- ClassName: 'SysListView32' WindowName: ''
- ClassName: 'ListBox' WindowName: ''
- ClassName: 'msctls_progress32' WindowName: ''