Техническая информация
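- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'MSService_v1.0' = '%WINDIR%\system\servicess.exe' (значение в ключе Run: указанный файл запускается автоматически при входе любого пользователя в систему; имя «servicess.exe», по-видимому, имитирует системный services.exe, который штатно находится в <SYSTEM32>, а не в %WINDIR%\system)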
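- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'DoNotAllowExceptions' = '00000000' (нулевое значение разрешает исключения в стандартном профиле брандмауэра Windows)
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%WINDIR%\system\servicess.exe' = '%WINDIR%\system\servicess.exe:*:Enabled:servicess.exe' (файл внесён в список разрешённых приложений брандмауэра; «*» — область действия без ограничения по удалённым адресам)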
- %WINDIR%\system\servicess.exe
- <SYSTEM32>\MSS_v62.exe /REGSERVER
- <SYSTEM32>\MSS_v62.exe
- %TEMP%\GLJ2.tmp <SYSTEM32>\WinSC.dll
- %WINDIR%\system\servicess.exe
- %TEMP%\nso5.tmp
- %TEMP%\nsj9.tmp
- %TEMP%\SCI6.tmp
- %TEMP%\GLJ2.tmp
- %TEMP%\GLC1.tmp
- <SYSTEM32>\~GLH0001.TMP
- <SYSTEM32>\~GLH0000.TMP
- %TEMP%\GLC1.tmp
- %TEMP%\GLJ2.tmp
- <SYSTEM32>\MSS_v62.exe
- <SYSTEM32>\~GLH0001.TMP в <SYSTEM32>\MSS_v62.exe (по-видимому, перемещение файла: слева исходное имя, справа — конечное)
- <SYSTEM32>\~GLH0000.TMP в <SYSTEM32>\WinSC.dll
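- 'up#.##wweb.com.cn':80 (символ «#» недопустим в доменном имени — вероятно, часть символов скрыта источником, поэтому использовать эти строки как индикаторы в буквальном виде нельзя)
- 'up.###web.com.cn':80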
- up#.##wweb.com.cn/cliententry/
- up.###web.com.cn/cliententry/
- DNS ASK up#.##wweb.com.cn
- DNS ASK up.###web.com.cn
- ClassName: 'Shell_TrayWnd' WindowName: '' (Shell_TrayWnd — класс окна панели задач Windows)