Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Adobe32 ARM' = '"%WINDIR%\Adobe32 ARM\rundll32.exe"'
- [<HKLM>\SYSTEM\ControlSet001\Services\PnP Service] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\NDnet] 'ImagePath' = '<SYSTEM32>\ip_qos.sys'
- %WINDIR%\Adobe32 ARM\rundll32.exe
- <SYSTEM32>\PnPSvc.exe
- NtQuerySystemInformation, драйвер-обработчик: ip_qos.sys
- NtQueryInformationProcess, драйвер-обработчик: ip_qos.sys
- %WINDIR%\Adobe32 ARM\rundll32.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\client[1].html
- <SYSTEM32>\ip_qos.sys
- <SYSTEM32>\PnPSvc.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\client[1].html
- 'sm##.gmail.com':25
- 'ma##mit.cc':80
- '94.##0.191.201':25
- 'sm##.live.com':25
- '67.##5.160.76':25
- ma##mit.cc/client.html?qu#######
- DNS ASK sm##.gmail.com
- DNS ASK ma##mit.cc
- DNS ASK sm##.mail.ru
- DNS ASK sm##.live.com
- DNS ASK sm##.#ail.yahoo.com