Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'CCB Start' = '<SYSTEM32>\WYLSXB\CCB.exe'
- <Текущая директория>\CF_G4box.exe
- <SYSTEM32>\WYLSXB\CCB.exe
- Библиотека-обработчик для всех процессов: <SYSTEM32>\WYLSXB\CCB.001
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\index1[1].asp
- <Текущая директория>\CF_G4box.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\index1[2].asp
- <SYSTEM32>\WYLSXB\CCB.005
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\0D6B6PI5\index1[1].asp
- <SYSTEM32>\WYLSXB\CCB.001
- <SYSTEM32>\WYLSXB\CCB.004
- <SYSTEM32>\WYLSXB\CCB.002
- <SYSTEM32>\WYLSXB\CCB.exe
- <SYSTEM32>\WYLSXB\AKV.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\index1[1].asp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\0D6B6PI5\index1[1].asp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\index1[2].asp
- 'cr#####re.z8game.com':80
- 'localhost':1034
- cr#####re.z8game.com/notice/login_ad/index1.asp
- cr#####re.z8game.com/notice/login_small/index1.asp
- cr#####re.z8game.com/notice/login_big/index1.asp
- DNS ASK cr#####re.z8game.com
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: '' WindowName: 'AKLMW'
- ClassName: 'Shell_TrayWnd' WindowName: ''