Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'KSM10' = '<Полный путь к файлу> /s'
- %TEMP%\7z.dll
- %TEMP%\Download\download\zlib1.dll
- %TEMP%\Download\download\msvcr71.dll
- %TEMP%\Download\download\msvcp71.dll
- %TEMP%\Download\download\minizip.dll
- %TEMP%\Download\download\id.dat
- %TEMP%\Download\download\download_engine.dll
- %TEMP%\Download\download\dl_peer_id.dll
- %TEMP%\Download\download\atl71.dll
- %TEMP%\Download\download\XLBugReport.exe
- %TEMP%\Download\download\XLBugHandler.dll
- %TEMP%\Download\download\ThunderFW.exe
- %TEMP%\Download\download\MiniThunderPlatform.exe
- %TEMP%\Download\download\MiniTPFw.exe
- %TEMP%\XMDownload
- %TEMP%\7z.exe
- %TEMP%\Download\xldl.dll
- %TEMP%\NEWKMSINFO.ini
- 'localhost':1036
- 'do##.#uckyboy.cn':80
- http://do##.#uckyboy.cn/KMS.nin
- DNS ASK do##.#uckyboy.cn
- '%TEMP%\7z.exe' x %TEMP%\XMDownload -y -o%TEMP%\
- '<SYSTEM32>\cmd.exe' /c %TEMP%\7z.exe x %TEMP%\XMDownload -y -o%TEMP%\