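Техническая информация
(Заголовки подразделов в этом фрагменте не сохранились. Ниже по порядку идут: пути к файлам, сетевые адреса вида хост:порт, HTTP-запрос, DNS-запросы, классы и заголовки окон, командные строки процессов. Символы «#» в доменных именах, по-видимому, маскируют часть имени.)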
- %WINDIR%\sjhitgnd_008.exe
- %TEMP%\is-BHR98.tmp\sjhitgnd_008.tmp
- %TEMP%\is-VP3EM.tmp\_isetup\_RegDLL.tmp
- %TEMP%\is-VP3EM.tmp\_isetup\_shfoldr.dll
- %TEMP%\is-VP3EM.tmp\_isetup\_iscrypt.dll
- %TEMP%\is-VP3EM.tmp\_isetup\_iscrypt.dll
- %TEMP%\is-VP3EM.tmp\_isetup\_RegDLL.tmp
- %TEMP%\is-VP3EM.tmp\_isetup\_shfoldr.dll
- %TEMP%\is-BHR98.tmp\sjhitgnd_008.tmp
- 'localhost':1037
- '64##w.com':443
- 'ke##zyw.com':80
- 'localhost':1042
- http://www.ke##zyw.com/qq.txt via ke##zyw.com
- DNS ASK www.64##w.com
- DNS ASK www.ke##zyw.com
- DNS ASK dl.###ynnrb.club
- ClassName: '' WindowName: 'Microsoft Internet Explorer'
- ClassName: '' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'IEFrame' WindowName: ''
- '%WINDIR%\sjhitgnd_008.exe'
- '%TEMP%\is-BHR98.tmp\sjhitgnd_008.tmp' /SL5="$10100,54272,54272,%WINDIR%\sjhitgnd_008.exe"
- '%ProgramFiles%\Internet Explorer\IEXPLORE.EXE' -nohome
- '<SYSTEM32>\msiexec.exe' /V