Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\fujianc] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\fujianc] 'ImagePath' = '%WINDIR%\temp\fujianc.sys'
- %TEMP%\aut1.tmp
- %TEMP%\dbc_fmadlmo\images\view1.jpg
- %TEMP%\aut9.tmp
- %TEMP%\dbc_fmadlmo\images\Inputbg.jpg
- %TEMP%\aut8.tmp
- %TEMP%\dbc_fmadlmo\images\Check3_2.jpg
- %TEMP%\aut7.tmp
- %TEMP%\dbc_fmadlmo\images\PicBut1_1.jpg
- %TEMP%\aut6.tmp
- %TEMP%\dbc_fmadlmo\images\Close_1.jpg
- %TEMP%\aut5.tmp
- %TEMP%\autA.tmp
- %TEMP%\dbc_fmadlmo\images\Min_1.jpg
- %TEMP%\dbc_fmadlmo\images\bg.jpg
- %TEMP%\aut3.tmp
- %WINDIR%\Temp\fjr777.ini
- %TEMP%\dbconline.exe
- %WINDIR%\twein.ini
- %WINDIR%\Temp\First.html
- %WINDIR%\twa1n.ini
- %WINDIR%\Temp\fujianc.sys
- %TEMP%\aut2.tmp
- %TEMP%\fjr777.exe
- %TEMP%\aut4.tmp
- %TEMP%\dbc_fmadlmo\images\But3_1.jpg
- %TEMP%\aut1.tmp
- %WINDIR%\Temp\fujianc.sys
- %TEMP%\aut2.tmp
- %TEMP%\fjr777.exe
- %TEMP%\aut3.tmp
- %TEMP%\aut4.tmp
- %TEMP%\aut5.tmp
- %TEMP%\aut6.tmp
- %TEMP%\aut7.tmp
- %TEMP%\aut8.tmp
- %TEMP%\aut9.tmp
- %TEMP%\autA.tmp
- '11#.#93.137.209':20001
- '11#.#93.137.209':80
- '11#.#93.211.11':20001
- '11#.#93.137.209':20000
- '11#.#93.211.11':20000
- 'tj##8.top':80
- http:///fjr777.ini via 11#.#93.137.209
- http://www.tj##8.top/tongji.php?us################################# via tj##8.top
- DNS ASK www.tj##8.top
- '%TEMP%\fjr777.exe'
- '%TEMP%\dbconline.exe'