Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'MouseApi' = '"<SYSTEM32>\foninfo.exe" /run'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'FindApp' = '"<SYSTEM32>\devmain.exe" /run'
- <SYSTEM32>\devmain.exe (downloaded from the Internet)
- <SYSTEM32>\regsvr32.exe /s "<SYSTEM32>\CSHttpClient.dll"
- <SYSTEM32>\reg.exe delete HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v MadeTray /f
- <SYSTEM32>\reg.exe delete HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v MainApp /f
- <SYSTEM32>\foninfo.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\ULU3YH2D\devmain[1].exe
- <SYSTEM32>\devmain.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\CSHttpClient[1].dll
- <SYSTEM32>\CSHttpClient.dll
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\0D6B6PI5\foninfo[1].exe
- 'sm###ly.co.kr':80
- 'localhost':1034
- sm###ly.co.kr/da_made/devmain.exe
- sm###ly.co.kr/da_made/foninfo.exe
- sm###ly.co.kr/da_made/CSHttpClient.dll
- DNS ASK sm###ly.co.kr