Техническая информация
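- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] '{ACADABAF-1000-0010-8000-10AA006D2EA4}' = '' (регистрация CLSID в ShellExecuteHooks — известная точка автозапуска: зарегистрированный COM-объект загружается оболочкой Windows)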
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'EnableFirewall' = '00000000' (значение 0 отключает брандмауэр Windows для стандартного профиля)
- %WINDIR%\sleep.exe 1000
- <SYSTEM32>\ipconfig.exe /all
- <SYSTEM32>\cmd.exe /c <SYSTEM32>\delete_downloader.bat
- <SYSTEM32>\attrib.exe -h -s -r -a <SYSTEM32>\delete_downloader.bat
- %WINDIR%\Explorer.EXE
- 360tray.exe
- <DRIVERS>\temp_package.tmp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\logo2[1].gif
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\logo3[1].gif
- <SYSTEM32>\system.dat
- <SYSTEM32>\delete_downloader.bat
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\logo[1].gif
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\logo3[1].gif
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\logo2[1].gif
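- 'o1#.cn':80 (символ «#» в именах узлов здесь и ниже, по-видимому, является маскировкой в отчёте, а не частью реального имени: в DNS-имени такой символ недопустим)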
- 'o1.#1wy.com':80
- 'localhost':1035
- o1.#1wy.com/miss/logo3.gif
- o1#.cn/Counter/NewCounter.asp?Pa###################################################################
- o1.#1wy.com/miss/logo.gif
- o1.#1wy.com/miss/logo2.gif
- DNS ASK o1#.cn
- DNS ASK o1.#1wy.com