Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1hYCyln6' = '%TEMP%\1hYCyln6.exe'
- %TEMP%\1hYCyln6.exe
- %TEMP%\update.exe
- <SYSTEM32>\cmd.exe /c ""%HOMEPATH%\Local Settings\TempWM_FUINS.bat" "
- %TEMP%\1hycyln6
- %HOMEPATH%\Local Settings\TempWM_FUINS.bat
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\update9[1].xml
- %TEMP%\update.exe
- %TEMP%\1hYCyln6.exe
- %TEMP%\1hycyln6
- %TEMP%\update.exe
- %TEMP%\1hycyln6
- 'do######.statblaster.com':80
- do######.statblaster.com/updatestats/update9.xml
- DNS ASK do######.statblaster.com