Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\OSEvent] 'Start' = '00000002' (значение 2 параметра Start задаёт автоматический запуск службы OSEvent при загрузке системы)
- <SYSTEM32>\s.exe
- <SYSTEM32>\tmp.exe
- <SYSTEM32>\s.exe -i
- <SYSTEM32>\s.exe -s
- %WINDIR%\Temp\Temporary Internet Files\Content.IE5\512U0NOG\desktop.ini
- %WINDIR%\Temp\Temporary Internet Files\Content.IE5\desktop.ini
- %WINDIR%\Temp\Temporary Internet Files\Content.IE5\GPAZ8TAJ\desktop.ini
- %WINDIR%\Temp\History\History.IE5\desktop.ini
- %WINDIR%\Temp\Temporary Internet Files\Content.IE5\AE7NR20M\desktop.ini
- %WINDIR%\Temp\Temporary Internet Files\Content.IE5\T1M3I200\desktop.ini
- %TEMP%\ma35rt\_uninstall
- %TEMP%\ma35rt\b.exe
- %TEMP%\ma35rt\b.exe.tmp
- %TEMP%\ma35rt\2.tmp
- %TEMP%\ma35rt\s.exe.tmp
- %TEMP%\ma35rt\tmp.exe
- %TEMP%\ma35rt\tmp.exe.tmp
- %TEMP%\ma35rt\s.exe
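- %WINDIR%\Temp\Temporary Internet Files\Content.IE5\T1M3I200\desktop.ini (отсюда пути из предыдущего списка повторяются; вероятно, это отдельный раздел отчёта, заголовок которого не сохранился)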
- %WINDIR%\Temp\Temporary Internet Files\Content.IE5\AE7NR20M\desktop.ini
- %WINDIR%\Temp\History\History.IE5\desktop.ini
- %WINDIR%\Temp\Temporary Internet Files\Content.IE5\desktop.ini
- %WINDIR%\Temp\Temporary Internet Files\Content.IE5\512U0NOG\desktop.ini
- %WINDIR%\Temp\Temporary Internet Files\Content.IE5\GPAZ8TAJ\desktop.ini
- %TEMP%\ma35rt\2.tmp
- %TEMP%\ma35rt\b.exe
- %TEMP%\ma35rt\_uninstall
- %TEMP%\ma35rt\b.exe.tmp
- %TEMP%\ma35rt\s.exe.tmp
- %TEMP%\ma35rt\tmp.exe.tmp
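- '88#.#43call.cn':80 (символы «#» в именах узлов здесь и ниже, по-видимому, скрывают часть имени; в таком виде эти строки не подходят для точного сопоставления как индикаторы)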
- '84##.#70304123.cn':80
- 84##.#70304123.cn/?&u###
- 88#.#43call.cn/sd.ini
- DNS ASK 88#.#43call.cn
- DNS ASK 84##.#70304123.cn
- '<IP-адрес в локальной сети>':1036