Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{930DA3EC-CFF6-B627-E5A3-924A9855E36D}] 'stubpath' = ''
- <SYSTEM32>\reg.exe delete "HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\{930DA3EC-CFF6-B627-E5A3-924A9855E36D}" /f
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\328cda65959ad93f7cdeccc2[1]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\main_hot[1].jpg
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\5fe46b2f5d25b4afaf48f548[1]
- <SYSTEM32>\V3Medic.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\blog_ae8a2bf701015w1q[1].html
- 'www.in##060.com':80
- 'hi.##idu.com':80
- 'bl##.#ina.com.cn':80
- hi.##idu.com/lokisqq/item/328cda65959ad93f7cdeccc2
- www.in##060.com/images/main_hot.jpg
- bl##.#ina.com.cn/s/blog_ae8a2bf701015w1q.html
- hi.##idu.com/poialw/item/5fe46b2f5d25b4afaf48f548
- DNS ASK www.in##060.com
- DNS ASK hi.##idu.com
- DNS ASK bl##.#ina.com.cn