Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'wextract_cleanup0' = 'rundll32.exe <SYSTEM32>\advpack.dll,DelNodeRunDLL32 "%TEMP%\IXP000.TMP\"'
- %TEMP%\IXP000.TMP\ykeykey.msi
- %TEMP%\IXP000.TMP\setup.exe
- %TEMP%\VSD1.tmp\dotnetfx\dotnetchk.exe
- %TEMP%\VSD1.tmp\install.log
- %TEMP%\226f6.msi
- %TEMP%\MSI2.tmp
- 'wp#d':80
- '67.##5.160.76':80
- http://11#.#11.111.1/wpad.dat via wp#d
- http://tw.##.yahoo.com/referurl/keykey/client/installer/start/pc101394/*https://pclick.yahoo.com/p/s=2022974616/lng=b5/rand=1151791431 via 67.##5.160.76
- DNS ASK wp#d
- DNS ASK tw.##.yahoo.com
- '%TEMP%\IXP000.TMP\setup.exe'
- '%TEMP%\VSD1.tmp\dotnetfx\dotnetchk.exe'
- '%TEMP%\MSI2.tmp' begin
- '<SYSTEM32>\msiexec.exe' /V