Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'ZS' = '%APPDATA%\svchost.exe'
- '%APPDATA%\svchost.exe'
- '<SYSTEM32>\netsh.exe' advfirewall firewall add rule name="ZS" program="%APPDATA%\svchost.exe" dir=Out action=allow
- %APPDATA%\sqlite3.dll
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\U98D4X8H\sql[1].dll
- %APPDATA%\bs.dll
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\2VAZY7AN\bs[1].dll
- %APPDATA%\svchost.exe:Zone.Identifier
- %APPDATA%\svchost.exe
- %APPDATA%\zs.dll
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\KHMHGZ4F\zs[1].dll
- 'da#####date.myjino.ru':80
- 'localhost':1038
- http://da#####date.myjino.ru/z/lib/bs.dll
- http://da#####date.myjino.ru/z/lib/sql.dll
- http://da#####date.myjino.ru/z/lib/zs.dll
- DNS ASK da#####date.myjino.ru