Техническая информация
- '%TEMP%\RarSFX0\kithgez.exe'
- '%WINDIR%\kithgez_x.exe'
- '%TEMP%\RarSFX0\notepad.exe'
- '%TEMP%\RarSFX0\kithgez_.exe'
- '%WINDIR%\kithgez_x.exe' (загружен из сети Интернет)
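Запуск процессов (командные строки). Ключ /s у regsvr32 означает регистрацию компонента без вывода диалоговых окон; MSVBVM60.dll и msinet.ocx — имена, совпадающие с именами штатных компонентов Visual Basic 6, поэтому само по себе имя файла здесь не является индикатором:
- '<SYSTEM32>\regsvr32.exe' "%WINDIR%\cswskax5.ocx" /s
- '<SYSTEM32>\wbem\wmiadap.exe' /R /T
- '<SYSTEM32>\regsvr32.exe' "%WINDIR%\msinet.ocx" /s
- '<SYSTEM32>\regsvr32.exe' "%WINDIR%\MSVBVM60.dll" /s
- '<SYSTEM32>\regsvr32.exe' "%WINDIR%\regobj.dll" /s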
- %WINDIR%\regobj.dll
- %WINDIR%\MSVBVM60.dll
- %TEMP%\RarSFX0\kithgez.exe
- %WINDIR%\kithgez_x.exe
- %WINDIR%\cswskax5.ocx
- %WINDIR%\msinet.ocx
- %TEMP%\RarSFX0\MSVBVM60.DLL
- %TEMP%\RarSFX0\notepad.exe
- %TEMP%\RarSFX0\kithgez_.exe
- %TEMP%\RarSFX0\cswskax5.ocx
- %TEMP%\RarSFX0\MSINET.OCX
- %TEMP%\RarSFX0\regobj.dll
- %TEMP%\RarSFX0\kithgez.exe
- %TEMP%\RarSFX0\cswskax5.ocx
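Сетевая активность (часть имени узла заменена символами #, поэтому точное доменное имя по этим записям не восстанавливается):
- 'jo#####l.yolasite.com':80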
- jo#####l.yolasite.com/resources/xt.ba3
- DNS ASK jo#####l.yolasite.com
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'EDIT' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''