Техническая информация
- [<HKLM>\SOFTWARE\Classes\xslfile\shell\Open\command] '' = ''
- [<HKLM>\SOFTWARE\Classes\xmlfile\shell\Open\command] '' = ''
- '<SYSTEM32>\regsvr32.exe' /s wolong.dll
- '<SYSTEM32>\regsvr32.exe' /s C:/Windows/system32/msxml3.dll
- %TEMP%\RGID.tmp
- %TEMP%\RGIE.tmp
- %TEMP%\RGIC.tmp
- %TEMP%\RGIA.tmp
- %TEMP%\RGIB.tmp
- %TEMP%\RGI12.tmp
- %TEMP%\RGI13.tmp
- %TEMP%\RGI11.tmp
- %TEMP%\RGIF.tmp
- %TEMP%\RGI10.tmp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\a3c2da1a5f6daa10d0d66dd7[1]
- %TEMP%\RGI4.tmp
- %TEMP%\3.tmp
- %TEMP%\1.tmp
- %TEMP%\2.tmp
- %TEMP%\RGI8.tmp
- %TEMP%\RGI9.tmp
- %TEMP%\RGI7.tmp
- %TEMP%\RGI5.tmp
- %TEMP%\RGI6.tmp
- %TEMP%\RGID.tmp
- %TEMP%\RGIE.tmp
- %TEMP%\RGIB.tmp
- %TEMP%\RGIC.tmp
- %TEMP%\RGIF.tmp
- %TEMP%\RGI12.tmp
- %TEMP%\RGI13.tmp
- %TEMP%\RGI10.tmp
- %TEMP%\RGI11.tmp
- %TEMP%\RGIA.tmp
- %TEMP%\3.tmp
- %TEMP%\RGI4.tmp
- %TEMP%\1.tmp
- %TEMP%\2.tmp
- %TEMP%\RGI5.tmp
- %TEMP%\RGI8.tmp
- %TEMP%\RGI9.tmp
- %TEMP%\RGI6.tmp
- %TEMP%\RGI7.tmp
- '12#.#25.114.144':80
- 12#.#25.114.144/xqcqkiaopmbejoq/item/a3c2da1a5f6daa10d0d66dd7
- DNS ASK hi.##idu.com
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'