Техническая информация
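- [<HKLM>\SOFTWARE\Classes\kaifu\shell\open\command] '' = '"<Полный путь к вирусу>" -url="%1" -from=reg_kaifu' (значение по умолчанию ключа shell\open\command для класса «kaifu»: команда открытия запускает файл вируса и передаёт ему открываемый объект в параметре -url; наличие этого ключа в HKLM\SOFTWARE\Classes стоит проверять при поиске следов заражения)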
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\version[1]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\user.youxiqun[1]
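- 'us##.#ouxiqun.com':80 (символы «#» в имени узла и в параметрах запросов ниже — маскировка в самом описании, поэтому эти сетевые индикаторы годятся для сопоставления по шаблону, а не для точного совпадения)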
- 'localhost':1036
- us##.#ouxiqun.com/Pcsdk/version
- us##.#ouxiqun.com/?m=################
- us##.#ouxiqun.com/?m=#######################################################
- DNS ASK us##.#ouxiqun.com
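- ClassName: 'msctls_updown32' WindowName: '(null)' (здесь и далее в списке — в основном стандартные классы окон и элементов управления Windows; как индикаторы компрометации они неспецифичны)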
- ClassName: 'SysHeader32' WindowName: '(null)'
- ClassName: 'SysIPAddress32' WindowName: '(null)'
- ClassName: 'SysDateTimePick32' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: '(null)' WindowName: '(null)'
- ClassName: 'Static' WindowName: '(null)'
- ClassName: 'ToolbarWindow32' WindowName: '(null)'
- ClassName: 'ComboBox' WindowName: '(null)'
- ClassName: 'msctls_trackbar32' WindowName: '(null)'
- ClassName: 'BUTTON' WindowName: '(null)'
- ClassName: 'Edit' WindowName: '(null)'
- ClassName: 'SysListView32' WindowName: '(null)'
- ClassName: 'SysTreeView32' WindowName: '(null)'
- ClassName: 'msctls_progress32' WindowName: '(null)'
- ClassName: 'ListBox' WindowName: '(null)'