Техническая информация
- [<HKCU>\SYSTEM\CurrentControlSet\Services\AB1F0929] 'ImagePath' = '%WINDIR%\Fonts\1D6907CA.EXE -k'
- [<HKLM>\SYSTEM\ControlSet001\Services\AB1F0929] 'ImagePath' = '%WINDIR%\Fonts\1D6907CA.EXE -k'
- [<HKLM>\SYSTEM\ControlSet001\Services\AB1F0929] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы)
- '%WINDIR%\Fonts\1D6907CA.EXE' -k
- '<SYSTEM32>\cmd.exe' /c %WINDIR%\Fonts\copy2090000.bat
- %WINDIR%\Explorer.EXE
- <SYSTEM32>\winlogon.exe
- %WINDIR%\Fonts\llk1402531961.mp3
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\update[1].txt
- <SYSTEM32>\s1402531961h.dat
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\setup1012[1].txt
- %WINDIR%\Fonts\1D6907CA.EXE
- %WINDIR%\Fonts\copy2090000.bat
- %WINDIR%\Fonts\5F1C2F61.DLL
- %WINDIR%\Fonts\s3sds212.dat
- %WINDIR%\Fonts\llk1402531961.mp3
- <SYSTEM32>\s1402531961h.dat
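- 'www.xi####.youkill.cn':80 (символы #### — маска: часть имени узла скрыта, поэтому для поиска по точному совпадению домена этот индикатор не годится)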
- www.xi####.youkill.cn/xz//user/setup1012.txt
- www.xi####.youkill.cn/xz//update.txt
- DNS ASK www.xi####.youkill.cn