Техническая информация
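Параметры служб в реестре (значение 'Start' = 2 означает автоматический запуск службы при загрузке системы):
- [<HKLM>\SYSTEM\ControlSet001\Services\bbbc] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\Imsvc] 'Start' = '00000002'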
- %TEMP%\MIS_1015_0.EXE
- %TEMP%\live.exe
- %TEMP%\cx_1015.exe
Запуск DLL через rundll32.exe (после запятой указано имя вызываемой экспортируемой функции):
- <SYSTEM32>\rundll32.exe %PROGRAM_FILES%\hhhi\ooop.dll,Service
- <SYSTEM32>\rundll32.exe <SYSTEM32>\Webmail.dll,RundllInstall
- %PROGRAM_FILES%\hhhi\jjjk.ini
- %PROGRAM_FILES%\hhhi\lllm.dll
- %PROGRAM_FILES%\hhhi\eeef.ini
- %PROGRAM_FILES%\hhhi\ddde\ddde.ini
- %PROGRAM_FILES%\hhhi\jjjk\jjjk.ini
- %PROGRAM_FILES%\hhhi\ooop.dll
- %TEMP%\live.exe
- %TEMP%\cx_1015.exe
- %TEMP%\nsc2.tmp
- %PROGRAM_FILES%\hhhi\gggh.ini
- %TEMP%\invison.exe
- <SYSTEM32>\Webmail.dll
- %TEMP%\MIS_1015_0.EXE
- C:\~de5.tmp
- %TEMP%\live.exe
- %TEMP%\cx_1015.exe
Операции вида «исходный путь в новый путь» (по-видимому, перемещение или переименование файлов):
- %TEMP%\MIS_1015_0.EXE в C:\~de5.tmp
- %TEMP%\invison.exe в %TEMP%\MIS_1015_0.EXE
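Сетевые подключения в формате 'узел':порт (символы # — по-видимому, часть имени, скрытая при публикации, поэтому для точного сопоставления эти записи непригодны):
- 'up####.borlander.cn':80
- 'ac####.borlander.com.cn':80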
Запрашиваемые адреса (схема не указана; по-видимому, HTTP-запросы к тем же узлам на порту 80):
- up####.borlander.cn/updmms1/updvsnex.ini
- up####.borlander.cn/updmms1/updateex.ini
- ac####.borlander.com.cn/active?t=######################################
- DNS ASK up####.borlander.cn
- DNS ASK ac####.borlander.com.cn
- ClassName: '_mms_wnd_' WindowName: '_mms_wnd_'