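Техническая информация
Примечание: символы «#» в именах узлов и IP-адресах ниже, по-видимому, замещают символы, скрытые при публикации; такие записи нельзя использовать как точные индикаторы без восстановления полного значения.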
- [<HKLM>\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command] '' = '%PROGRAM_FILES%\Internet Explorer\iexplore.exe http://www.baiduso.com/s/'
- [<HKLM>\SYSTEM\ControlSet001\Services\MYTIMER] 'Start' = '00000001'
- '%TEMP%\FTMTIwNDIz.exe' -i 192.168.0.189 get FFRMTIwNDIz.dat "%TEMP%\\FFRMTIwNDIz.dat"
- 'C:\nb\navi.exe'
- 'C:\nb\JKNBMS.exe'
- '<SYSTEM32>\net1.exe' stop WinMgmt /y
- '<SYSTEM32>\net.exe' stop WinMgmt /y
- C:\nb\MYTIMER.sys
- C:\nb\SoapWebService.dll
- C:\nb\ErrorLog.txt
- %TEMP%\FTMTIwNDIz.exe
- %TEMP%\FRMTIwNDIz.exe
- C:\nb\JLEncrypt.dll
- C:\nb\JKNBMS.exe
- C:\nb\nbmscc.ser
- C:\nb\navi.exe
- C:\nb\JKServerPS.dll
- C:\nb\SetParam.exe
- C:\nb\navi.exe
- 'www.92##.com':80
- '12#.#25.114.144':80
- '<IP-адрес в локальной сети>':2000
- www.92##.com/asb/up.txt
- 12#.#25.114.144/
- DNS ASK www.ba##u.com
- DNS ASK www.92##.com
- '<IP-адрес в локальной сети>':69
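- 'localhost':69 (порт 69 в этой и предыдущей строке — стандартный порт TFTP; это согласуется с командой «get» в строке запуска FTMTIwNDIz.exe выше)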
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'