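Техническая информация
Заголовки подразделов в этой выдержке, по-видимому, не сохранились, поэтому часть строк повторяется без пояснения. Ниже идут индикаторы разных типов: ключ реестра, пути к файлам, имена исполняемых файлов, сетевые узлы и запросы, классы окон.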
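- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] '{51716C09-6B08-4CCF-B526-718E912C0573}' = ''
  (ShellExecuteHooks — точка автозапуска: зарегистрированный здесь COM-объект загружается оболочкой Explorer. При проверке системы путь к его DLL следует искать в подразделе InprocServer32 этого CLSID.)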
- %TEMP%\RarSFX0\BigFoot.exe
- %TEMP%\RarSFX0\updata.exe
- wow.exe
- 360tray.exe
- %WINDIR%\Fonts\eSEWZRdrSK3NeEJVy4.Ttf
- <SYSTEM32>\PERrGx5DkqSbQdwauCRQH.dll
- %TEMP%\RarSFX0\updata.exe
- %TEMP%\RarSFX0\BigFoot.exe
- %TEMP%\RarSFX0\updata.exe
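(Символы # в именах узлов и в значении параметра m ниже — маскировка, внесённая источником: в имени узла такой символ недопустим. Для блокировки или поиска по журналам нужны полные значения, которых на этой странице нет.)
- 're#.#-zone.com':80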
- 'bf####tedx.178.com':80
- 'bf####tewt.178.com':80
- re#.#-zone.com/feed/feedbigfoot.php?m=####################################
- DNS ASK re#.#-zone.com
- DNS ASK bf####tedx.178.com
- DNS ASK bf####tewt.178.com
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''