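Техническая информация
(Подзаголовки разделов в этой копии не сохранились. Судя по содержимому строк, ниже по порядку перечислены: изменённый ключ реестра, запускаемые процессы, пути к файлам, сетевые адреса и запросы, параметры окон. Повторяющиеся пути, по-видимому, относились к разным подзаголовкам.)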
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] '{08315C1A-9BA9-4B7C-A432-26885F78DF28}' = ''
- 'C:\Down(131220).exe'
- 'C:\Down(131220).exe' (загружен из сети Интернет)
- '<SYSTEM32>\cmd.exe' /c ""<Текущая директория>\_je.bat" "
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\v[1].exe
- C:\Down(131220).exe
- %CommonProgramFiles%\Microsoft Shared\MSInfo\rejoi.vxd
- <Текущая директория>\_je.bat
- %CommonProgramFiles%\Microsoft Shared\MSInfo\rejoi.vxd
- 'ya#####1.117.tofor.com':80
- 'localhost':1036
- ya#####1.117.tofor.com/lucky/v.exe
- DNS ASK ya#####1.117.tofor.com
- ClassName: 'ListBox' WindowName: 'xr, wo xiang ni'
- ClassName: 'ListBox' WindowName: 'xr, wo ai ni'
- ClassName: 'ListBox' WindowName: 'xr, wo xi?7g ni'