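Техническая информация
(Примечание: подзаголовки разделов в этой копии отчёта не сохранились. Поэтому повторяющиеся ниже пути, вероятно, относятся к разным разделам — например, к созданным и к удалённым файлам. Символы «#» в адресах — по-видимому, маскировка части символов в исходном отчёте, а не часть реальных имён.)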
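- '%WINDIR%\regedit.exe' /s "<Текущая директория>\ITBARLAYOUT.reg" (ключ /s — импорт .reg-файла в реестр без запроса подтверждения)
- '<SYSTEM32>\rundll32.exe' 2X15o.dll,load 1hRHvaAh.dll (вызов экспортируемой функции load из 2X15o.dll с аргументом 1hRHvaAh.dll)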
- %WINDIR%\Explorer.EXE
- %TEMP%\5173Favicon.ico
- %TEMP%\Tao123Favicon.ico
- %TEMP%\Version.txt
- <Текущая директория>\ITBARLAYOUT.reg
- %TEMP%\TaobaoFavicon.ico
- <SYSTEM32>\pmonitor.tmp
- <SYSTEM32>\k0PLp2Z.dll
- <SYSTEM32>\1hRHvaAh.dll
- <SYSTEM32>\2X15o.dll
- <SYSTEM32>\pmonitor.tmp
- %TEMP%\Version.txt
- <Текущая директория>\ITBARLAYOUT.reg
- '<IP-адрес в локальной сети>':53
- 'cl###.rtmedia.cn':80
- '12#.#25.114.144':80
- 'cn##n.com':80
- 'www.ba###bar.info':80
- cn##n.com/6lV4
- 12#.#25.114.144/ecom?di##################################################################
- cl###.rtmedia.cn/d.aspx
- cn##n.com/aEi4
- www.ba###bar.info/rtbho.xml
- cn##n.com/pTg4
- DNS ASK cl###.rtmedia.cn
- DNS ASK cb.##idu.com
- DNS ASK cn##n.com
- DNS ASK www.ba###bar.info
- '25#.#55.255.255':32336
- ClassName: 'RegEdit_RegEdit' WindowName: '(null)'
- ClassName: 'Progman' WindowName: 'Program Manager'