Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{ADA398D7-C515-2C8C-DBD5-8991DC5B8A69}] 'stubpath' = ''
- %WINDIR%\calc1.exe
- <SYSTEM32>\reg.exe delete "HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\{ADA398D7-C515-2C8C-DBD5-8991DC5B8A69}" /f
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\b46b81a13437645a6fd45589[1]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\6cb9d3a0b1db08dd14329b4d[1]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\main_hot1[1].jpg
- %WINDIR%\calc1.exe
- <SYSTEM32>\V3Medic.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\blog_af5f75a301015gge[1].html
- %WINDIR%\calc1.exe
- 'www.in##060.com':80
- 'hi.##idu.com':80
- 'bl##.#ina.com.cn':80
- hi.##idu.com/opaoxf2/item/6cb9d3a0b1db08dd14329b4d
- www.in##060.com/images/main_hot1.jpg
- bl##.#ina.com.cn/s/blog_af5f75a301015gge.html
- hi.##idu.com/opaoxf1/item/b46b81a13437645a6fd45589
- DNS ASK www.in##060.com
- DNS ASK hi.##idu.com
- DNS ASK bl##.#ina.com.cn