Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'EXTRAC64' = '<SYSTEM32>\EXTRAC64.EXE'
- <SYSTEM32>\EXTRAC64.EXE
- <SYSTEM32>\cmd.exe /c a.bat
- <SYSTEM32>\regsvr32.exe /s <SYSTEM32>\msinet.ocx
- <Current directory>\a.bat
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx[1]
- <SYSTEM32>\EXTRAC64.EXE
- <SYSTEM32>\MSINET.OCX
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx[1]
- 'xx###############xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.localdomain':80
- 'localhost':1037
- xx###############xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.localdomain/
- DNS ASK xx###############xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.localdomain