Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'BriefWind' = '<SYSTEM32>\BriefWind\svchost.exe'
- <SYSTEM32>\BriefWind\csrss.exe
- <SYSTEM32>\BriefWind\svchost.exe
- %WINDIR%\BSDLoc.dat
- %WINDIR%\test.ini
- <SYSTEM32>\BriefWind\Up\ybtsd.ini.cfg
- <SYSTEM32>\BriefWind\Up\ybtsd.ini
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\ybs[1].asp
- <SYSTEM32>\BriefWind\svchost.exe
- %TEMP%\nse2.tmp
- <SYSTEM32>\BriefWind\csrss.exe
- <SYSTEM32>\BriefWind\Uninstall.exe
- <SYSTEM32>\BriefWind\ybtsd.dat
- <SYSTEM32>\BriefWind\Up\ybtsd.ini.cfg
- '21#.#67.69.35':80
- '61.##2.238.176':80
- 61.##2.238.176/brightseed/ybs.asp?P=##########################