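Техническая информация
(Подзаголовки разделов в этой копии, по-видимому, утрачены. Ниже по порядку идут: параметр реестра службы, командные строки и процессы, пути к файлам, сетевые обращения. Повторяющиеся пути, вероятно, относятся к разным разделам исходного отчёта.)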
- [<HKLM>\SYSTEM\ControlSet001\Services\Myforce Service] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы)
- <SYSTEM32>\svcmfwin.exe /start
- <SYSTEM32>\svcmfwin.exe
- <SYSTEM32>\svcmfwin.da.exe /stop
- <SYSTEM32>\svcmfwin.exe /i
- %WINDIR%\explorer.exe
- %PROGRAM_FILES%\Myforce\myforces.da_
- %PROGRAM_FILES%\Myforce\myforceb.da
- %PROGRAM_FILES%\Myforce\myforceb.da_
- %PROGRAM_FILES%\Myforce\myforces.da
- %PROGRAM_FILES%\Myforce\uninst.exe
- %PROGRAM_FILES%\Myforce\myforcer.exe.da
- %PROGRAM_FILES%\Myforce\myforcer.exe.da_
- <SYSTEM32>\svcmfwin.da
- %TEMP%\nsp2.tmp\nsProcEx.dll
- %TEMP%\nsp2.tmp\System.dll
- %TEMP%\nsp2.tmp\SelfDel.dll
- %TEMP%\nsp2.tmp\myforces.da_
- <SYSTEM32>\svcmfwin.da_
- %TEMP%\nsp2.tmp\nsProcess.dll
- %TEMP%\nsp2.tmp\myforces.dll
- %TEMP%\nsp2.tmp\nsProcess.dll
- %TEMP%\nsp2.tmp\myforces.dll
- %TEMP%\nsp2.tmp\nsProcEx.dll
- %TEMP%\nsp2.tmp\System.dll
- %TEMP%\nsp2.tmp\SelfDel.dll
- <SYSTEM32>\svcmfwin.da_
- %TEMP%\nsp2.tmp\myforces.da_
- %PROGRAM_FILES%\Myforce\myforceb.da_
- %PROGRAM_FILES%\Myforce\myforcer.exe.da_
- %PROGRAM_FILES%\Myforce\myforces.da_
- 'my###ce.co.kr':80 (символы # здесь и ниже, по-видимому, скрывают часть адреса)
- my###ce.co.kr/apps/act.php?_p#################################################################################################
- DNS ASK do#####d.myforce.co.kr
- DNS ASK my###ce.co.kr