Техническая информация
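Значение 'Start' в разделе службы задаёт тип запуска: 1 — драйвер загружается при инициализации системы, 2 — служба запускается автоматически при старте системы:
- [<HKLM>\SYSTEM\ControlSet001\Services\usb8028x] 'Start' = '00000001'
- [<HKLM>\SYSTEM\ControlSet001\Services\usb8028] 'Start' = '00000001'
- [<HKLM>\SYSTEM\ControlSet001\Services\EmonSrv] 'Start' = '00000002'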
- <SYSTEM32>\lfrmewrk.exe
- <SYSTEM32>\MSRundll.exe <SYSTEM32>\bofang.dll,Always
- <SYSTEM32>\lfrmewrk.exe -i
- <SYSTEM32>\lfrmewrk.exe -s
- <SYSTEM32>\regsvr32.exe /s "<SYSTEM32>\hbcmd.dll"
- <SYSTEM32>\regsvr32.exe /u /s "<SYSTEM32>\HelpIE.dll"
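Обработчиком перечисленных ниже системных функций работы с реестром указан драйвер usb8028x.sys, поэтому изменение и удаление ключей и значений в работающей системе могут перехватываться; проверку реестра надёжнее выполнять из внешней среды:
- NtSetValueKey, драйвер-обработчик: usb8028x.sys
- NtDeleteValueKey, драйвер-обработчик: usb8028x.sys
- NtDeleteKey, драйвер-обработчик: usb8028x.sys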
- <SYSTEM32>\hbcmd.dll
- <SYSTEM32>\tmp335.tmp
- <SYSTEM32>\bofang.dll
- <SYSTEM32>\tmp333.tmp
- <SYSTEM32>\lfrmewrk.exe
- <SYSTEM32>\MSRundll.exe
- <SYSTEM32>\83-105-7163
- <DRIVERS>\usb8028.sys
- <DRIVERS>\usb8028x.sys
- %TEMP%\RGInstall.dll
- %TEMP%\usb8028.sys
- %TEMP%\nsd2.tmp
- %TEMP%\bofang.dll
- %TEMP%\usb8028x.sys
- %TEMP%\nsz3.tmp\System.dll
- <SYSTEM32>\tmp334.tmp
- %TEMP%\hbcmd.dll
- %TEMP%\lfrmewrk.exe
- %TEMP%\lfrmewrk.exe
- %TEMP%\RGInstall.dll
- %TEMP%\bofang.dll
- %TEMP%\hbcmd.dll
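В именах узлов ниже символ '#', по-видимому, стоит на месте скрытых при публикации символов, поэтому для точного сопоставления с журналами DNS и прокси эти записи в таком виде не годятся:
- 'cc#.#oolans.com':80
- DNS ASK cc#.#oolans.com
- DNS ASK ya###.com.cn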
- ClassName: 'Shell_TrayWnd' WindowName: ''