Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'star.exe' = '%WINDIR%\install\star.exe'
- %WINDIR%\install\star.exe
- %WINDIR%\install\star.exe (загружен из сети Интернет)
- %WINDIR%\install\channel.exe
- %WINDIR%\install\login.exe
- %WINDIR%\install\star.exe
- %WINDIR%\install\gx.zip
- %TEMP%\E_N4\spec.fne
- %TEMP%\E_N4\eAPI.fne
- %TEMP%\E_N4\krnln.fnr
- %TEMP%\E_N4\eCompress.fne
- %TEMP%\E_N4\internet.fne
- 'www.cl#.cn':80
- 'cd#.##upload.com':80
- 'www.ba##u.com':80
- www.cl#.cn/banben/yybb.txt
- cd#.##upload.com/down/1265010/gxa.exe
- www.cl#.cn/banben/zbb.txt
- www.ba##u.com/
- cd#.##upload.com/down/1265010/yy.zip
- DNS ASK www.cl#.cn
- DNS ASK cd#.##upload.com
- DNS ASK www.ba##u.com
- ClassName: '' WindowName: 'channel.exe'
- ClassName: '' WindowName: 'login.exe'