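Техническая информация
(Заголовки разделов в этой копии не сохранились, поэтому некоторые пути ниже повторяются. Судя по содержимому, записи идут в таком порядке: ключ реестра Winlogon\Notify, через который DLL подгружается процессом Winlogon (механизм закрепления в системе, работает в Windows до Vista); запускаемые процессы; затронутые файлы; сетевые адреса и запросы. По какой именно операции — создание, изменение или удаление — файл попал в список, по этой копии установить нельзя. Символы «#» в IP-адресах и именах узлов — маскировка, присутствующая в самом источнике; такие значения не являются полными индикаторами, и вносить их в списки блокировки в таком виде нельзя.)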
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\xyzDown] 'DllName' = 'xyzDown.dll'
- 'C:\systmp2.exe'
- '<SYSTEM32>\xyztmp.exe'
- 'C:\systmp2.exe' (загружен из сети Интернет)
- '<SYSTEM32>\cmd.exe' /c tmpkill.bat
- %WINDIR%\Explorer.EXE
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\css[1].css
- C:\systmp2.exe
- <SYSTEM32>\xyzDown.dll
- <SYSTEM32>\xyztmp.exe
- <Текущая директория>\tmpkill.bat
- <SYSTEM32>\xyzDown.dll
- <SYSTEM32>\xyztmp.exe
- C:\systmp2.exe
- '20#.#06.185.86':8202
- 'up####2.okshell.com':80
- '12#.#25.114.144':80
- 'localhost':1038
- up####2.okshell.com/css.css
- 12#.#25.114.144/index.html
- DNS ASK up####2.okshell.com
- DNS ASK www.ba##u.com