Техническая информация
Запускаемые процессы:
- '%WINDIR%\regedit.exe' -s "%TEMP%\ekhvwc.reg"
- '<SYSTEM32>\rundll32.exe' "%TEMP%\ekhvwc.dll",CopyMyFile
- '<SYSTEM32>\rundll32.exe' "%TEMP%\ekhvwc.dll",ServiceMain
- '<SYSTEM32>\rundll32.exe' "%TEMP%\ekhvwc.dll",StartDll
Файлы (часть путей повторяется; вероятно, это отдельные списки созданных и удалённых файлов, подзаголовки которых в тексте утрачены):
- %TEMP%\00000b68.txt
- <SYSTEM32>\ekhvwc.dll
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\ip[1].txt
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\ip[1].txt
- %TEMP%\ekhvwc.sys
- %TEMP%\ekhvwc.dll
- %TEMP%\ekhvwc.reg
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\ip[1].txt
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\ip[1].txt
- %TEMP%\00000b68.txt
Сетевая активность (часть имени домена в источнике скрыта символами ##):
- 'www.le##zhi.com':80
- www.le##zhi.com/ip.txt
- DNS ASK www.le##zhi.com
Окна (ClassName / WindowName):
- ClassName: 'RegEdit_RegEdit' WindowName: ''
- ClassName: 'MS_WINHELP' WindowName: ''