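Техническая информация
Примечание: подзаголовки разделов исходного отчёта в этом тексте не сохранились, поэтому одни и те же пути повторяются несколько раз — по-видимому, они относятся к разным разделам (например, создаваемые, запускаемые и удаляемые файлы). Символы «#» в доменных именах и URL, судя по всему, являются маскировкой, поэтому эти записи нельзя использовать как точные индикаторы. Путь «%HOMEPATH%xplore.exe», вероятно, повреждён при извлечении текста: после %HOMEPATH% пропущен разделитель и, возможно, часть имени файла.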
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run] 'Aamqw' = '<SYSTEM32>\oakleyq.exe'
- <SYSTEM32>\oakleyq.exe
- %TEMP%\z.exe
- <SYSTEM32>\ntvdm.exe -f -i1
- <SYSTEM32>\ipconfig.exe /flushdns
- <SYSTEM32>\regsvr32.exe /s "<SYSTEM32>\bmrlffmruz.dll"
- %HOMEPATH%xplore.exe
- <SYSTEM32>\oakleyq.exe
- %WINDIR%\Temp\scs4.tmp
- %TEMP%\~unins7015.bat
- %WINDIR%\Temp\scs5.tmp
- %TEMP%\z.exe
- %TEMP%\nsv3.tmp.dll
- %TEMP%\nsw2.tmp\System.dll
- <SYSTEM32>\pvjxjtanffshgzluv.exe
- %TEMP%\ap1A2B4.tmp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\nsi_install[1].php
- <SYSTEM32>\oakleyq.exe
- %WINDIR%\Temp\scs5.tmp
- <SYSTEM32>\Restore\MachineGuid.txt
- %TEMP%\z.exe
- %TEMP%\ap1A2B4.tmp
- %TEMP%\nsw2.tmp\System.dll
- %WINDIR%\Temp\scs4.tmp
- %TEMP%\nsv3.tmp.dll в <SYSTEM32>\bmrlffmruz.dll
- 'vi###ryltd.net':80
- 'im###hut4.cn':80
- 'localhost':1035
- 'g0.####nuebuster.net':80
- im###hut4.cn/update/utu.dat
- g0.####nuebuster.net//bc/nsi_install.php?in##################################################################################
- DNS ASK im###hut4.cn
- DNS ASK vi###ryltd.net
- DNS ASK g0.####nuebuster.net
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-af4.af8.390001'
- ClassName: 'Shell_TrayWnd' WindowName: ''