Техническая информация
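- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'shell' = 'Explorer.exe webhelp.exe' (изменён параметр оболочки Winlogon: webhelp.exe запускается вместе с Explorer.exe при каждом входе пользователя в систему; штатное значение параметра — 'Explorer.exe', его следует проверять и восстанавливать при лечении)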
- 'C:\dwnSetup\webhelp.exe' /first
- '<SYSTEM32>\cmd.exe' /c "%HOMEPATH%\Cookies\~Delbat01.bat"
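- '%WINDIR%\regedit.exe' /s "C:\dwnSetup\arun.reg" (ключ /s — импорт .reg-файла в реестр без запроса подтверждения, то есть изменения вносятся незаметно для пользователя)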
- %WINDIR%\Explorer.EXE
- <SYSTEM32>\eaci8Twgy.dll
- C:\dwnSetup\arun.reg
- %HOMEPATH%\Cookies\~Delbat01.bat
- <SYSTEM32>\wbem\GJZIQWUGYNYB.DLL
- <SYSTEM32>\wbem\TBVIFCFJAL.MDA
- <DRIVERS>\webhelp.drv
- C:\dwnSetup\webshow.dll
- C:\dwnSetup\webhelp.exe
- <SYSTEM32>\webhelp.exe
- <DRIVERS>\webshow.drv
- <SYSTEM32>\webshow.dll
- C:\dwnSetup\arun.reg
- 'www.hj##123.com':80
- 'www.hc##0.com':80
- www.hj##123.com/dfiles/txt/corphff.txt
- www.hc##0.com/
- DNS ASK www.hj##123.com
- DNS ASK www.hc##0.com
- ClassName: 'RegEdit_RegEdit' WindowName: ''
- ClassName: 'MS_WINHELP' WindowName: ''
- ClassName: 'EDIT' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''