Техническая информация
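- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'ctfmon.exe' = '<SYSTEM32>\ctfmon.exe'
  (Примечание: имя и путь совпадают со штатным компонентом Windows ctfmon.exe, поэтому сама по себе эта запись автозапуска не является надёжным признаком заражения; проверять следует хеш и цифровую подпись файла по указанному пути.)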
- <SYSTEM32>\ctfmon.exe
- <SYSTEM32>\svchost.exe
- <SYSTEM32>\cmd.exe /c ""<Текущая директория>\kill.bat""
- <SYSTEM32>\ctfmon.exe
- <SYSTEM32>\ctfmon.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\e.ys168[1]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\xinwen520.ys168[1]
- <Текущая директория>\kill.bat
- <SYSTEM32>\FAPMShortcut.com
- %TEMP%\~DFCCF.tmp
- %TEMP%\~DFCD56.tmp
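- <SYSTEM32>\dllcache\ctfmon.exe
  (Примечание: dllcache — кэш защиты файлов Windows; если копия в нём подменена, восстанавливать ctfmon.exe следует из заведомо чистого источника, а не из этого кэша.)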
- 'xi####520.ys168.com':80
- 'e.##168.com':80
- 'localhost':1035
- xi####520.ys168.com/
- e.##168.com/?xi#######
- DNS ASK xi####520.ys168.com
- DNS ASK e.##168.com
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'Progman' WindowName: ''
- ClassName: 'Indicator' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''