Техническая информация
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'run' = '%CommonProgramFiles%\bvhafhgsa\yrtadgsg.exe' (значение 'run' в этом ключе — точка автозапуска при входе пользователя в систему)
- %CommonProgramFiles%\yrtadgsg.exe
- %CommonProgramFiles%\yrtadgsg.exe
- %CommonProgramFiles%\bvhafhgsa\alcxmntr.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\123[1].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\123[1].php
- %TEMP%\E_4\RegEx.fne
- %TEMP%\E_4\internet.fne
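- %TEMP%\E_4\krnln.fnr (судя по имени, krnln.fnr — библиотека среды выполнения языка Easy Programming Language; такие файлы встречаются и в других программах на этом языке, поэтому сами по себе не являются надёжным индикатором)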
- %TEMP%\E_4\shell.fne
- %TEMP%\E_4\HtmlView.fne
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\123[1].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\123[1].php
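- %CommonProgramFiles%\bvhafhgsa\alcxmntr.exe в %CommonProgramFiles%\bvhafhgsa\yrtadgsg.exe (исходный путь → конечный путь; конечный путь совпадает с файлом, прописанным в значении 'run' реестра)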
- 'www.ji###andian.com':80 (часть доменного имени скрыта символами ###)
- www.ji###andian.com/edison123/123.php
- DNS ASK www.ji###andian.com (DNS-запрос имени узла)
- ClassName: 'Shell_TrayWnd' WindowName: '' (Shell_TrayWnd — класс окна панели задач Windows)