Техническая информация
- [<HKLM>\System\CurrentControlSet\Services\SuperProServer] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\SuperProServer] 'ImagePath' = '%WINDIR%\Terms.exe'
- <LS_APPDATA>\microsoft\windows\<INETFILES>\content.ie5\caasbycl\n62[1].dll
- %ProgramFiles%\apppath\n62.dll
- %WINDIR%\terms.exe
- '62.##4.164.184':9090
- http://www.ms####luo.com:9292/N62.dll
- DNS ASK ms###gluo.com
- '%WINDIR%\terms.exe'