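Техническая информация
(Примечание: заголовки подразделов в этом фрагменте не сохранились. Повторяющиеся пути, по-видимому, относятся к разным спискам действий с файлами и процессами; какое действие соответствует каждому списку, по самому фрагменту установить нельзя. Строки вида 'хост':порт, URL и «DNS ASK» описывают сетевую активность, строки «ClassName» — обращения к окнам. Символы «#» в именах доменов — маскировка в самом источнике, а не часть имени. Имя «ОдХЯ.exe», возможно, является результатом отображения не-кириллического имени файла в кириллической кодировке, поэтому при поиске по этому индикатору стоит учитывать варианты кодировки.)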
- C:\hm04.exe
- C:\ОдХЯ.exe
- <SYSTEM32>\wscript.exe "%WINDIR%\mabi.vbs"
- <SYSTEM32>\rundll32.exe %PROGRAM_FILES%\dnf\stxubzlsd.dll Work
- %WINDIR%\bootCot.dat
- %WINDIR%\mabi.vbs
- %PROGRAM_FILES%\dnf\stxubzlsd.dll
- %WINDIR%\158.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\158[1].exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\000[1].htm
- <SYSTEM32>\weakie5.dat
- <SYSTEM32>\weakie1.dat
- C:\hm04.exe
- C:\ОдХЯ.exe
- <SYSTEM32>\weakie4.dat
- <SYSTEM32>\weakie3.dat
- <SYSTEM32>\weakie2.dat
- <SYSTEM32>\weakie4.dat
- <SYSTEM32>\weakie5.dat
- <SYSTEM32>\weakie3.dat
- <SYSTEM32>\weakie1.dat
- <SYSTEM32>\weakie2.dat
- %WINDIR%\mabi.vbs
- C:\hm04.exe
- 'localhost':1040
- 'www.dn##44.com':80
- 'fw.#q.com':80
- 'localhost':1035
- 'www.dn##020.com':80
- www.dn##44.com/baidu/158.exe
- fw.#q.com/ipaddress
- www.dn##020.com/000.htm
- DNS ASK www.dn##44.com
- DNS ASK fw.#q.com
- DNS ASK www.dn##020.com
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''