Техническая информация
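Автозапуск через службы (значение 'Start' = 2 означает автоматический запуск службы при загрузке системы; при проверке стоит смотреть и ветку CurrentControlSet, которая указывает на активный набор параметров):
- [<HKLM>\SYSTEM\ControlSet001\Services\ssst] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\bbbc] 'Start' = '00000002'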
- %TEMP%\AIS_1371_0.EXE
- %TEMP%\MIS_1371_0.EXE
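Командные строки rundll32.exe (формат «библиотека,экспорт»: в обоих случаях вызывается экспорт Service из DLL, перечисленных ниже среди файлов в %PROGRAM_FILES%):
- <SYSTEM32>\rundll32.exe %PROGRAM_FILES%\nnno\xxxy.dll,Service -s
- <SYSTEM32>\rundll32.exe %PROGRAM_FILES%\hhhi\ooop.dll,Service
- <SYSTEM32>\rundll32.exe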
- %PROGRAM_FILES%\nnno\aaab.dll
- %PROGRAM_FILES%\hhhi\ooop.dll
- %PROGRAM_FILES%\hhhi\lllm.dll
- %PROGRAM_FILES%\hhhi\jjjk.ini
- <SYSTEM32>\uuuv.uni
- %PROGRAM_FILES%\nnno\rrrs.ini
- %PROGRAM_FILES%\nnno\cccd.dll
- %PROGRAM_FILES%\nnno\fffg.dll
- %TEMP%\insshell.exe
- %PROGRAM_FILES%\hhhi\gggh.ini
- %TEMP%\nsq2.tmp
- %TEMP%\invison.exe
- %PROGRAM_FILES%\nnno\xxxy.dll
- %PROGRAM_FILES%\nnno\iiij.ini
- %PROGRAM_FILES%\hhhi\eeef.ini
- %PROGRAM_FILES%\nnno\mmmn.ini
- %TEMP%\MIS_1371_0.EXE
- %TEMP%\AIS_1371_0.EXE
- C:\~de4.tmp
- C:\~de3.tmp
- %TEMP%\AIS_1371_0.EXE в C:\~de3.tmp
- %TEMP%\MIS_1371_0.EXE в C:\~de4.tmp
- %TEMP%\invison.exe в %TEMP%\MIS_1371_0.EXE
- %TEMP%\insshell.exe в %TEMP%\AIS_1371_0.EXE
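Сетевая активность (символы «#» в именах узлов и в параметре t, по-видимому, заменяют знаки, скрытые при публикации; точные значения по этой странице не восстановить, поэтому для поиска в журналах DNS и прокси пригодны только видимые части — домены borlander.com.cn и borlander.cn и путь /active?t=):
- 'ac####.borlander.com.cn':80
- ac####.borlander.com.cn/active?t=###########################################
- ac####.borlander.com.cn/active?t=######################################
- DNS ASK up####.borlander.cn
- DNS ASK ac####.borlander.com.cn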
- ClassName: '_stdup_cha_wnd_' WindowName: '_stdup_cha_wnd_'
- ClassName: '_mms_wnd_' WindowName: '_mms_wnd_'