Technical information
- [<HKLM>\SYSTEM\ControlSet001\Services\RasAuto] 'Start' = '00000002'
- C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\W9YBOPQ3\desktop.ini
- C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\REMGFOQP\desktop.ini
- C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\C75LPWUS\desktop.ini
- C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\9GVCEEJO\desktop.ini
- %TEMP%\hbkdvni.dll
- <SYSTEM32>\knrsyspo.exe
- %WINDIR%\Temp\56acd8.tmp
- C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\9GVCEEJO\desktop.ini
- C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\C75LPWUS\desktop.ini
- C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\REMGFOQP\desktop.ini
- C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\W9YBOPQ3\desktop.ini
- %TEMP%\hbkdvni.dll to <SYSTEM32>\hbkdvni.dll
- 'gu##.net':80
- 'www.sh###yip.com':80
- gu##.net/api/list/get_all.xml?ap####################################
- www.sh###yip.com/
- DNS ASK gu##.net
- DNS ASK www.sh###yip.com