Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'XXXXXX03DD516E' = '%WINDIR%\XXXXXX03DD516E\svchsot.exe'
- %WINDIR%\system\ste1.exe
- %WINDIR%\system\ste.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\cffkwg[1]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\71ty[1]
- %WINDIR%\system\ste1.exe
- <Текущая директория>\SkinH_EL.dll
- %WINDIR%\system\ste.exe
- <Текущая директория>\SkinH_EL.dll
- %WINDIR%\system\ste.exe в %WINDIR%\XXXXXX03DD516E\svchsot.exe
- 'www.71##.com':80
- 'localhost':8000
- 'cf####a.x3322.org':8000
- 'localhost':1035
- 'www.cf##wg.com':80
- www.cf##wg.com/eq.txt
- www.71##.com/
- www.cf##wg.com/erqu.txt
- www.cf##wg.com/
- DNS ASK www.71##.com
- DNS ASK cf####a.x3322.org
- DNS ASK www.cf##wg.com
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: '' WindowName: '??????????????'
- ClassName: 'MS_AutodialMonitor' WindowName: ''