Техническая информация
- <SYSTEM32>\reg.exe add "HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\159A32V2-D4EB-A6D8-14AB-38ACD9369E3E" /v StubPath /t REG_SZ /d C:\CF-login\a.vbs /f
- <SYSTEM32>\cmd.exe /c C:\CF-login\b.bat
- C:\CF-login\a.vbs
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\tj888[1].asp
- C:\CF-login\a.bat
- C:\CF-login\QQ.exe
- C:\CF-login\b.bat
- 'ad###.ebankpay.info':80
- 'localhost':1036
- ad###.ebankpay.info/tj888.asp?id############################
- DNS ASK ad###.ebankpay.info