Техническая информация
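- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '±Ј»¤1' = '%PROGRAM_FILES%\svchost.exe' (имя параметра искажено перекодировкой: по-видимому, это байты GBK, показанные как Windows-1251; вероятное исходное имя — «保护1». При поиске по реестру стоит проверять оба варианта)
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '±Ј»¤їуКЇ1' = '%PROGRAM_FILES%\svchoat.exe' (аналогично; вероятное исходное имя — «保护矿石1»)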
- '%PROGRAM_FILES%\3306.exe'
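- '%PROGRAM_FILES%\svchost.exe' (имя совпадает с именем системного процесса svchost.exe, штатное расположение которого — %SystemRoot%\System32; запуск из другого каталога — признак маскировки)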
- '%PROGRAM_FILES%\3306.exe' (загружен из сети Интернет)
- '%PROGRAM_FILES%\svchost.exe' (загружен из сети Интернет)
- %PROGRAM_FILES%\c790299.zip
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\c790299[1].zip
- %PROGRAM_FILES%\svchost.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\yqdd[1].exe
- %PROGRAM_FILES%\3306.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\3306[1].exe
- %PROGRAM_FILES%\1.zip
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\1[1].zip
- 'yk.##y0823.com':80
- yk.##y0823.com/kuangshi/c790299.zip
- yk.##y0823.com/kuangshi/yqdd.exe
- yk.##y0823.com/kuangshi/3306.exe
- yk.##y0823.com/kuangshi/1.zip
- DNS ASK yk.##y0823.com
- ClassName: 'ToolbarWindow32' WindowName: '(null)'
- ClassName: 'QVODNETOREMAINWND' WindowName: '????????????'
- ClassName: 'SysPager' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'TrayNotifyWnd' WindowName: '(null)'