Technical information
- [<HKLM>\System\CurrentControlSet\Services\EventSystemRoot] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\EventSystemRoot] 'ImagePath' = '<SYSTEM32>\svchost.exe -k imgsvc'
- ClassName: 'OLLYDBG', WindowName: ''
- ClassName: 'GBDYLLO', WindowName: ''
- ClassName: 'pediy06', WindowName: ''
- %WINDIR%\win2622900.ocx
- C:\wintemp.ini
- %ProgramFiles(x86)%\google\google.html
- C:\skin.jpg
- C:\program
- 'fm####.publicvm.com':3313
- DNS ASK fm####.publicvm.com
- DNS ASK ai.#####.com.haoqimi.com
- '%WINDIR%\syswow64\rundll32.exe' "%WINDIR%\Win2622900.ocx",CaoniM' (with a hidden window)
- '%WINDIR%\syswow64\rundll32.exe' "%WINDIR%\Win2622900.ocx",CaoniM
- '%WINDIR%\syswow64\rundll32.exe' "%ProgramFiles(x86)%\google\google.html",main
- '<SYSTEM32>\svchost.exe' -k netsvcs