Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] ':\Program Files\Common Files\svchtst.exe 2013627182429.exe' = '%CommonProgramFiles%\svchtst.exe 2013627182429.exe' (ключ автозапуска Run: указанная команда выполняется при каждом входе пользователя в систему)
- '%CommonProgramFiles%\svchtst.exe 2013627182429.exe'
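- 'C:\ХжРДVPNГв·С°ж0702.exe' (имя файла искажено кодировкой: байты GBK отображены как Windows-1251; вероятное исходное имя — «真心VPN免费版0702.exe»)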
- 'C:\417.exe'
- '<SYSTEM32>\taskkill.exe' /f /im Ksafetray.exe (принудительное завершение процесса Ksafetray.exe — предположительно, компонента защитного ПО)
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\2[1].html
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\2[1].html
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\1[1].html
- C:\417.exe
- C:\ХжРДVPNГв·С°ж0702.exe
- C:\ХжРДVPNГв·С°ж0702.exe
- C:\417.exe
- C:\417.exe в %CommonProgramFiles%\svchtst.exe 2013627182429.exe
- 'qq.##jinpai.com':80
- 'www.qq###pai.com':80
- 'www.32##q.com':80
- 'localhost':1038
- 'xx#####1983.gicp.net':9000
- qq.##jinpai.com/new/vpn/mf-banben.txt
- www.qq###pai.com/e2g2/2.html
- qq.##jinpai.com/new/vpn/xianlu/qq.txt
- www.32##q.com/gg/1.html
- www.32##q.com/gg/2.html
- DNS ASK qq.##jinpai.com
- DNS ASK www.qq###pai.com
- DNS ASK xx#####1983.gicp.net
- DNS ASK www.32##q.com
- ClassName: 'MS_AutodialMonitor' WindowName: '(null)'
- ClassName: 'MS_WebcheckMonitor' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: '(null)' WindowName: '(null)'
- ClassName: '(null)' WindowName: 'E2GPRO.exe'