Техническая информация
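- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] '{50632D5C-B71B-4ba0-B012-3DC6F15C011B}' = '' (параметр реестра: CLSID зарегистрирован как обработчик ShellExecuteHooks, то есть соответствующий COM-объект загружается оболочкой Windows; это механизм автозапуска)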
- [<HKLM>\SYSTEM\ControlSet001\Services\winsync32] 'Start' = '00000002' (значение 2 означает автоматический запуск службы winsync32 при загрузке системы)
- <SYSTEM32>\Setup\en_1072.bin
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\xiao[1].txt
- %TEMP%\tmp3.tmp
- %TEMP%\tmp1.tmp
- <SYSTEM32>\msosiocp.dll
- %TEMP%\tmp2.tmp
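- 'z1.#s-2.net':80 (символ «#» в имени узла, по-видимому, заменяет часть адреса в исходном описании; в таком виде имя не является действительным доменом, и его нельзя использовать как индикатор без уточнения)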
- 'localhost':1035
- z1.#s-2.net/xiao.txt
- DNS ASK z1.#s-2.net