Техническая информация
Значения автозапуска в ключе реестра Run:
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'OpenApi' = '<SYSTEM32>\asropen.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'PlaySys' = '<SYSTEM32>\dmsplay.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'MainPro' = '<SYSTEM32>\asropen.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'MainPro' = '<SYSTEM32>\msamand.exe'
- <SYSTEM32>\asropen.exe
- <SYSTEM32>\asropen.exe (загружен из сети Интернет)
Запуск reg.exe для удаления значений из ключа автозапуска Run:
- <SYSTEM32>\reg.exe delete HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v MouseApi /f
- <SYSTEM32>\reg.exe delete HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v NavTray /f
- <SYSTEM32>\reg.exe delete HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v FineApp /f
- <SYSTEM32>\reg.exe delete HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v MainApp /f
- <SYSTEM32>\reg.exe delete HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v MadeTray /f
- <SYSTEM32>\asropen.exe
Файлы во временных каталогах (кэш Internet Explorer и %TEMP%):
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\asropen[1].exe
- %TEMP%\~DFE9B4.tmp
Сетевая активность (узел:порт, URL, DNS-запрос):
- 'lo#####.elogin.co.kr':80
- 'localhost':1038
- lo#####.elogin.co.kr/main_check/asropen.exe
- DNS ASK lo#####.elogin.co.kr