Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Internet Explorer\Extensions\{95CA782F-62CE-4BB9-B3BC-F02C08861A5B}] 'Exec' = 'http://www.999w.com'
- [<HKLM>\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}] 'Exec' = 'http://baidu.999w.com'
- %TEMP%\aut1.tmp
- %HOMEPATH%\Favorites\青苹果家园论坛.lnk
- %TEMP%\aut2.tmp
- %TEMP%\aut3.tmp
- %HOMEPATH%\Favorites\网址导航.lnk
- %TEMP%\aut4.tmp
- %TEMP%\aut5.tmp
- <SYSTEM32>\1.reg
- %TEMP%\aut6.tmp
- <SYSTEM32>\ie.ico
- %TEMP%\aut7.tmp
- <SYSTEM32>\1.ico
- %TEMP%\aut8.tmp
- %TEMP%\aut1.tmp
- %TEMP%\aut2.tmp
- %TEMP%\aut3.tmp
- %TEMP%\aut4.tmp
- %TEMP%\aut5.tmp
- %TEMP%\aut6.tmp
- %TEMP%\aut7.tmp
- %TEMP%\aut8.tmp
- <SYSTEM32>\1.reg
- ClassName: 'RegEdit_RegEdit' WindowName: ''
- '%WINDIR%\regedit.exe' /s <SYSTEM32>\1.reg