Техническая информация
- [<HKCU>\Software\Microsoft\Internet Explorer\Extensions\{000000A3-57A6-49EA-B96B-1428070E5924}] 'Exec' = 'http://cl.ilikeclick.com/?dts_code=100924491220365072000060391200000000000'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'mxwho' = '%APPDATA%\Microsoft\mxwho\upmxwho.exe'
- [<HKCU>\Software\Microsoft\Internet Explorer\Extensions\{000000A1-CA93-46BB-9D4A-DBD498CB8944}] 'Exec' = 'http://cl.ilikeclick.com/?dts_code=100378071220365072000060391200000000000'
- [<HKCU>\Software\Microsoft\Internet Explorer\Extensions\{000000A2-F93E-4C0B-87D5-490AEF45ADD3}] 'Exec' = 'http://cl.ilikeclick.com/?dts_code=100002701220365072000060391200000000000'
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\mxwho[1].ts3
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\mxwho[1].ts2
- %HOMEPATH%\Favorites\11№ш°Ў АМµї.URL
- %HOMEPATH%\Favorites\Gё¶ДП АМµї.URL
- %HOMEPATH%\Favorites\їБјЗ АМµї.URL
- 'up####.mxwho.com':80
- 'localhost':1038
- 'co####r.mxwho.com':80
- up####.mxwho.com/mxwho.ts2
- up####.mxwho.com/mxwho.ts3
- co####r.mxwho.com/analysis/live.php?uq######
- DNS ASK up####.mxwho.com
- DNS ASK co####r.mxwho.com
- ClassName: 'Shell_TrayWnd' WindowName: ''