Техническая информация
- '%TEMP%\RarSFX0\2.exe'
- '<SYSTEM32>\wscript.exe' "%TEMP%\RarSFX0\2.vbs"
- '<SYSTEM32>\wscript.exe' "%TEMP%\RarSFX0\1.vbs"
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\eee[1].htm
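- <SYSTEM32>\ДЪґжґъВл.txt (имя, по-видимому, представляет собой байты в кодировке GBK, отображённые как CP1251; в китайской локали оно читалось бы как «内存代码.txt», поэтому при поиске по этому индикатору стоит учитывать оба варианта написания)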
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\ade[1].htm
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\jslol[1]
- <SYSTEM32>\PinYin.ime
- %TEMP%\RarSFX0\2.vbs
- %TEMP%\RarSFX0\2.exe
- <SYSTEM32>\111.dll
- %TEMP%\RarSFX0\1.vbs
- %TEMP%\RarSFX0\2.exe
- %TEMP%\RarSFX0\1.vbs
- 'www.js##l.com':80
- 'localhost':1036
- www.js##l.com/ade.htm
- www.js##l.com/
- www.js##l.com/eee.htm
- DNS ASK www.ba##u.com
- DNS ASK www.js##l.com
- ClassName: 'MS_WebcheckMonitor' WindowName: '(null)'
- ClassName: 'CicLoaderWndClass' WindowName: '(null)'
- ClassName: 'MS_AutodialMonitor' WindowName: '(null)'
- ClassName: 'EDIT' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'