Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] '{ED9E18BB-C750-4641-9503-9CE2B8B2DE12}' = ''
- '<SYSTEM32>\cmd.exe' /c ""<Текущая директория>\_Ms.bat" "
- <Текущая директория>\_Ms.bat
- %CommonProgramFiles%\Microsoft Shared\MSInfo\System76.Ins
- %CommonProgramFiles%\Microsoft Shared\MSInfo\System64.jmp
- %CommonProgramFiles%\Microsoft Shared\MSInfo\System64.jmp
- %CommonProgramFiles%\Microsoft Shared\MSInfo\System64.jmp
- 'xx#.#000wyt.com':80
- 'www.12#.com':80
- http://xx#.#000wyt.com/dn.txt
- http://www.12#.com/
- DNS ASK xx#.#000wyt.com
- DNS ASK www.12#.com
- ClassName: 'xxx' WindowName: 'zzz'
- ClassName: 'ListBox' WindowName: 'lmlmlmlm'
- ClassName: 'ListBox' WindowName: 'blblblbl'