Техническая информация
- Автозапуск через раздел реестра Run: [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'commone' = '%HOMEPATH%\AppData\Local\VirtualStore\commone.exe 15'
- iexplore.exe
- %TEMP%\~tmp17.com
- %TEMP%\hh.txt
- %TEMP%\~tm10.tmp
- %HOMEPATH%\AppData\Local\VirtualStore\iexplore.exe
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\KHMHGZ4F\88888888[1].html
- %HOMEPATH%\AppData\Local\VirtualStore\commone.exe
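- '20#.#6.232.182':80 (здесь и далее символы «#» в адресах и именах узлов, по-видимому, заменяют скрытые знаки, поэтому такие значения не подходят для точного сопоставления)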
- '16#.#35.72.162':80
- '15###-90-32.com':80
- http://16#.#35.72.162/root/RedGirl/ip/88888888.html
- http://www.15###-90-32.com/root/RedGirl/ip/88888888.html via 15###-90-32.com
- DNS ASK www.15###-90-32.com
- '%TEMP%\~tmp17.com' 15
- '%TEMP%\~tm10.tmp' 16
- '%HOMEPATH%\AppData\Local\VirtualStore\iexplore.exe'
- '<SYSTEM32>\notepad.exe' %TEMP%\\hh.txt
- '<SYSTEM32>\reg.exe' ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v commone /t REG_SZ /d "%HOMEPATH%\AppData\Local\VirtualStore\commone.exe 15" /f (эта команда создаёт приведённый выше параметр автозапуска 'commone')