Техническая информация
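- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'wextract_cleanup0' = 'rundll32.exe <SYSTEM32>\advpack.dll,DelNodeRunDLL32 "%TEMP%\IXP000.TMP\"' (типовая запись очистки самораспаковывающегося пакета IExpress/wextract: через RunOnce однократно удаляет временный каталог IXP000.TMP; встречается и у легитимных установщиков, поэтому сама по себе не является надёжным индикатором заражения и должна рассматриваться вместе с перечисленными ниже файлами и сетевыми обращениями)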
- '%PROGRAM_FILES%\Internet Explorer\2001.exe'
- '%TEMP%\IXP000.TMP\CHS.exe'
- '%TEMP%\IXP000.TMP\CHE.exe'
- '%PROGRAM_FILES%\Internet Explorer\2005.exe'
- '%PROGRAM_FILES%\Internet Explorer\2001.exe' (загружен из сети Интернет)
- '%PROGRAM_FILES%\Internet Explorer\2005.exe' (загружен из сети Интернет)
- %PROGRAM_FILES%\Internet Explorer\2005.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\2001[1].exe
- %PROGRAM_FILES%\Internet Explorer\2001.exe
- %TEMP%\IXP000.TMP\CHE.exe
- %TEMP%\IXP000.TMP\CHS.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\2005[1].exe
- %TEMP%\IXP000.TMP\CHE.exe
- %TEMP%\IXP000.TMP\CHS.exe
- 'localhost':1041
- 'www.hn###g.com.cn':80
- 'localhost':1038
- www.hn###g.com.cn/_private/_vti_cnf/heugexi/_ver/_vti_cnf/2001.exe
- www.hn###g.com.cn/_private/_vti_cnf/heugexi/_ver/_vti_cnf/2005.exe
- DNS ASK www.hn###g.com.cn