Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'wextract_cleanup0' = 'rundll32.exe <SYSTEM32>\advpack.dll,DelNodeRunDLL32 "%TEMP%\IXP000.TMP\"'
- %WINDIR%\Tasks\Kuho_Install_Program.job
- %TEMP%\_K10.tmp /S /v/qn /vendor=hj001
- %TEMP%\IXP000.TMP\ENRTIN~1.EXE hj001
- %TEMP%\_K10.tmp (загружен из сети Интернет)
- %TEMP%\_K10.tmp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\kuho[1].exe
- %TEMP%\IXP000.TMP\ENRTIN~1.EXE
- %TEMP%\IXP000.TMP\ENRTIN~1.EXE
- %TEMP%\_K10.tmp
- %WINDIR%\Tasks\Kuho_Install_Program.job
- 'up###e.kuho.com':80
- 'localhost':1035
- up###e.kuho.com/vendor1/kuho.exe
- DNS ASK up###e.kuho.com
- ClassName: 'Shell_TrayWnd' WindowName: ''