Техническая информация
- '<SYSTEM32>\wscript.exe' "%TEMP%\RarSFX0\huacai.vbs"
- '<SYSTEM32>\reg.exe' ADD "HKEY_CLASSES_ROOT\CLSID\{e17d4fc0-5564-11d1-83f2-00a0c90dc849}" /v "InfoTip" /t REG_SZ /d "查找并显示 Internet 上的信息和网站" /f
- '<SYSTEM32>\reg.exe' ADD "HKEY_CLASSES_ROOT\CLSID\{e17d4fc0-5564-11d1-83f2-00a0c90dc849}"
- '<SYSTEM32>\reg.exe' ADD "HKEY_CLASSES_ROOT\CLSID\{e17d4fc0-5564-11d1-83f2-00a0c90dc849}\DefaultIcon"
- '<SYSTEM32>\reg.exe' ADD "HKEY_CLASSES_ROOT\CLSID\{e17d4fc0-5564-11d1-83f2-00a0c90dc849}" /v "LocalizedString" /t REG_SZ /d "Internet Exploror" /f
- '%ProgramFiles%\Internet Explorer\IEXPLORE.EXE' http://45##.net/index2.html?hu####
- '<SYSTEM32>\cmd.exe' /C start /min iexplore http://45##.net/index2.html?hu####
- '<SYSTEM32>\reg.exe' ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel" /v "{871C5380-42A0-1069-A2EA-08002B30309D}" /t REG_DWORD /d 1 /f
- '<SYSTEM32>\cmd.exe' /C .\to.cmd
- %TEMP%\RarSFX0\to.cmd
- %TEMP%\RarSFX0\run.cmd
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\index2[1].html
- %TEMP%\RarSFX0\winare.vbs
- %TEMP%\RarSFX0\is.cmd
- %TEMP%\RarSFX0\361.cmd
- %TEMP%\RarSFX0\huacai.vbs
- %TEMP%\RarSFX0\iedw.ico
- %TEMP%\RarSFX0\copy.cmd
- '45##.net':80
- 'localhost':1037
- http://45##.net/index2.html?hu####
- DNS ASK 45##.net
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: '' WindowName: ''
- ClassName: 'EDIT' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''