Техническая информация
Изменения в файловой системе
Создает следующие файлы
- %APPDATA%\macromedia\flash player\macromedia.com\support\flashplayer\sys\#img.uu1001.cn\settings.sxx
- %APPDATA%\macromedia\flash player\macromedia.com\support\flashplayer\sys\settings.sxx
- %APPDATA%\macromedia\flash player\#sharedobjects\gr8by44n\img.uu1001.cn\bc.sxx
Удаляет следующие файлы
- %APPDATA%\macromedia\flash player\macromedia.com\support\flashplayer\sys\#img.uu1001.cn\settings.sol
- %APPDATA%\macromedia\flash player\#sharedobjects\gr8by44n\img.uu1001.cn\bc.sol
Перемещает следующие файлы
- %APPDATA%\macromedia\flash player\macromedia.com\support\flashplayer\sys\#img.uu1001.cn\settings.sxx в %APPDATA%\macromedia\flash player\macromedia.com\support\flashplayer\sys\#img.uu1001.cn\settings.sol
- %APPDATA%\macromedia\flash player\#sharedobjects\gr8by44n\img.uu1001.cn\bc.sxx в %APPDATA%\macromedia\flash player\#sharedobjects\gr8by44n\img.uu1001.cn\bc.sol
Подменяет следующие файлы
- %APPDATA%\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol
- %APPDATA%\macromedia\flash player\macromedia.com\support\flashplayer\sys\#img.uu1001.cn\settings.sxx
- %APPDATA%\macromedia\flash player\macromedia.com\support\flashplayer\sys\#img.uu1001.cn\settings.sol
- %APPDATA%\macromedia\flash player\#sharedobjects\gr8by44n\img.uu1001.cn\bc.sxx
- %APPDATA%\macromedia\flash player\#sharedobjects\gr8by44n\img.uu1001.cn\bc.sol
Сетевая активность
TCP
Запросы HTTP GET
- http://www.mh##g.com/images/v7/cms.css
- http://www.mh##g.com/images/icons/ico_souhu.gif
- http://www.mh##g.com/images/icons/ico_51.gif
- http://www.mh##g.com/images/icons/ico_baidu.gif
- http://www.mh##g.com/images/icons/ico_163_16.gif
- http://www.mh##g.com/images/icons/ico_tianya.png
- http://www.mh##g.com/images/icons/ico_baidu_16x16.png
- http://www.mh##g.com/images/icons/ico_139.gif
- http://www.mh##g.com/images/icons/ico_tao.png
- http://www.mh##g.com/images/icons/feixin_14px.png
- http://www.mh##g.com/images/icons/ico_kaixin.gif
- http://www.mh##g.com/images/icons/ico_dou_16x16.png
- http://www.mh##g.com/images/icons/ico_msn.png
- http://www.mh##g.com/images/icons/ico_pengyou.png
- http://www.mh##g.com/images/icons/ico_mop.gif
- http://www.mh##g.com/images/icons/ico_sina.gif
- http://www.mh##g.com/do/yzimg.php?0.###############
- http://www.mh##g.com/images/default/faceicon/2.gif
- http://11#.#.6.134:8080/scripts/businessLicense.js?id################################# via 11#.9.6.134
- http://www.mh##g.com/images/default/faceicon/3.gif
- http://www.mh##g.com/images/v7/footbg.gif
- http://www.mh##g.com/a_d/a_d_s.php?jo#######################
- http://www.mh##g.com/images/default/bt_bg.gif
- http://www.mh##g.com/do/a_d_s.php?jo#######################
- http://www.mh##g.com/images/default/faceicon/14.gif
- http://www.mh##g.com/images/default/faceicon/13.gif
- http://www.mh##g.com/images/default/faceicon/12.gif
- http://www.mh##g.com/images/default/faceicon/11.gif
- http://www.mh##g.com/images/default/faceicon/10.gif
- http://www.mh##g.com/images/default/faceicon/9.gif
- http://www.mh##g.com/images/default/faceicon/8.gif
- http://www.mh##g.com/images/default/faceicon/7.gif
- http://www.mh##g.com/images/default/faceicon/6.gif
- http://www.mh##g.com/images/default/faceicon/5.gif
- http://www.mh##g.com/images/default/faceicon/4.gif
- http://www.mh##g.com/images/icons/ico_renren.gif
- http://www.mh##g.com/images/default/faceicon/1.gif
- http://www.mh##g.com/do/jsarticle.php?fi##############################################################
- http://fp######ad2.macromedia.com/get/flashplayer/update/current/install/version.xml19.0.0.207~installVector=2&lang=en&cpuWordLength=64&playerType=ax&os=win&osVer=13
- http://www.mh##g.com/images/default/head_bg.gif
- http://www.mh##g.com/images/v7/menu_spacing.gif
- http://www.mh##g.com/images/v7/menuon.gif
- http://www.mh##g.com/images/1.swf
- http://www.mh##g.com/images/v7/header_menu.gif
- http://www.mh##g.com/images/v7/logo_bg.gif
- http://www.mh##g.com/do/hack.php?ha###########################################
- http://www.mh##g.com/images/default/ico_loading3.gif
- http://www.mh##g.com/images/v7/topbga.gif
- http://www.mh##g.com/images/default/bencandy.js
- http://www.mh##g.com/images/default/jquery-1.2.6.min.js
- http://www.mh##g.com/images/default/swfobject.js
- http://www.mh##g.com/images/default/default.js
- http://www.mh##g.com/images/default/inc.js
- http://www.mh##g.com/images/v7/style.css
- http://www.mh##g.com/do/job.php?jo##############
- http://www.mh##g.com/images/default/cookie.js
- http://im#.#u1001.cn/swf2/2012-02-05/09-59/ebf56787569b05237c3b80c0fc8cd95e.swf
- http://www.mh##g.com/images/default/hd_a1.gif
- http://im#.#u1001.cn/swf2/2012-02-05/09-58/f74d1654e1d45a836f6b62ad3f8d8a94.swf
- http://im#.#u1001.cn/materials/original/2010-08-31/15-57/dcfb99fbaae36a531a65433fc745609d3d02286d.swf
- http://im#.#u1001.cn/materials/original/2010-09-01/14-46/e10107a471ff580706d597cec3d9c985ebafbaeb.swf
- http://im#.#u1001.cn/materials/original/2011-08-30/11-24/7ef0070f43345556c60bff62dc37bb5ae534c35a.png
- http://im#.#u1001.cn/materials/original/2011-08-30/11-24/3966ad1f274aa9e1130f17beb650705d302a9ce1.png
- http://im#.#u1001.cn/materials/original/2010-09-01/19-02/80ad40a2ea91c0a9ec9a3cc642c7d8e3a84335ea.swf
- http://im#.#u1001.cn/materials/original/2010-09-03/17-57/98dc0c111b98700784ceca4535ba554ab9278452.swf
- http://www.mh##g.com/do/comment_ajax.php?fi#################################
- http://im#.#u1001.cn/materials/original/2011-08-30/11-24/514ed4d76b183f9653990bd68445adf1640667f0.jpg
- http://www.mh##g.com/images/icons/ico_Qzone.gif
- http://www.mh##g.com/images/icons/ico_qq_t.png
- http://im#.#u1001.cn/materials/original/2011-08-30/11-24/db7d70040f495e9646f2d15428e7abe0e8d164d8.jpg
- http://im#.#u1001.cn/src/as3/m/bc.swf?v=#####
- http://www.mh##g.com/images/v7/home_icon.gif
- http://im#.#u1001.cn/bcv3.swf?v=########
- http://www.mh##g.com/do/jsarticle.php?fi#####################################################
- http://11#.#.6.134:8080/ei/Ei!readEiImgByMemory.action via 11#.9.6.134
UDP
- DNS ASK mh##g.com
- DNS ASK fp######ad2.macromedia.com
- DNS ASK im#.#u1001.cn
- DNS ASK lo#.#u1001.cn
- DNS ASK qq###.user.55.la
Другое
Ищет следующие окна
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebCheckMonitor' WindowName: ''
