Техническая информация
- '<SYSTEM32>\DllHost.exe' /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
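- %PROGRAM_FILES%\ffmovie\·Е·ЕУ°КУ.url (имя «·Е·ЕУ°КУ» здесь и ниже — по-видимому, байты GBK, показанные в кодировке Windows-1251; в GBK они читаются как «放放影视», поэтому на системе с китайской локалью то же имя может выглядеть иначе)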
- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\·Е·ЕУ°КУ\Website.lnk
- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\·Е·ЕУ°КУ\·Е·ЕУ°КУ.lnk
- %HOMEPATH%\Desktop\·Е·ЕУ°КУ.lnk
- %PROGRAM_FILES%\ffmovie\back.htm
- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\·Е·ЕУ°КУ\Uninstall.lnk
- %PROGRAM_FILES%\ffmovie\uninst.exe
- %TEMP%\nsnA5B1.tmp\System.dll
- %TEMP%\nsnA5B1.tmp\FindProcDLL.dll
- %TEMP%\nsdA2F3.tmp\System.dll
- %TEMP%\nsdA2F3.tmp\FindProcDLL.dll
- %TEMP%\nsnA5B1.tmp\config.txt
- %PROGRAM_FILES%\ffmovie\play.exe
- %TEMP%\nsnA5B1.tmp\inetc.dll
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\other[1].txt
- %TEMP%\nsnA5B1.tmp\inetc.dll
- %TEMP%\nsnA5B1.tmp\System.dll
- %TEMP%\nsnA5B1.tmp\config.txt
- %TEMP%\nsnA5B1.tmp\FindProcDLL.dll
- 'po##.lssen.cn':80
- 'do######ig.b0.upaiyun.com':80
- do######ig.b0.upaiyun.com/other.txt
- po##.lssen.cn/ff.php
- DNS ASK po##.lssen.cn
- DNS ASK do######ig.b0.upaiyun.com
- ClassName: 'CicLoaderWndClass' WindowName: '(null)'