Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{50D7649B-F068-2CBB-0AD0-AE6270B6EFE6}] 'stubpath' = ''
- <SYSTEM32>\reg.exe delete "HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\{50D7649B-F068-2CBB-0AD0-AE6270B6EFE6}" /f
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\6cb9d3a0b1db08dd14329b4d[1]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\main_hot1[1].jpg
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\blog_af5f75a301015gge[1].html
- <SYSTEM32>\V3Medic.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\245640270[1].htm
- 'hi.##idu.com':80
- 'www.in##060.com':80
- 'i.##hu.com':80
- 'bl##.#ina.com.cn':80
- hi.##idu.com/opaoxf2/item/6cb9d3a0b1db08dd14329b4d
- www.in##060.com/images/main_hot1.jpg
- i.##hu.com/p/=v2=bbB1hkLz23Bm3MbhhmNvbQ==/blog/view/245640270.htm
- bl##.#ina.com.cn/s/blog_af5f75a301015gge.html
- DNS ASK hi.##idu.com
- DNS ASK www.in##060.com
- DNS ASK i.##hu.com
- DNS ASK bl##.#ina.com.cn