Техническая информация
Автозапуск — параметр в ключе реестра Run:
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'AnMemoMain' = '"%PROGRAM_FILES%\AnMemo\AnMemoup.exe" /up'
Запись в списке разрешённых приложений брандмауэра Windows (AuthorizedApplications):
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%PROGRAM_FILES%\AnMemo\AnMemo.exe' = '%PROGRAM_FILES%\AnMemo\AnMemo.exe:*:Enabled:AnMemo'
Запуск командного файла через cmd.exe:
- '<SYSTEM32>\cmd.exe' /c \DelUS.bat
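Пути файлов (заголовки подразделов в тексте отсутствуют, поэтому по самому списку нельзя определить, какие файлы создаются, а какие удаляются; файлы из %TEMP%\nso2.tmp ниже перечислены повторно):
- %TEMP%\nso2.tmp\IEFunctions.dll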
- %TEMP%\nso2.tmp\IsVista.dll
- %TEMP%\nso2.tmp\stack.dll
- C:\DelUS.bat
- %TEMP%\nso2.tmp\SelfDelete.dll
- %TEMP%\nso2.tmp\DLLWebCount_new.dll
- %PROGRAM_FILES%\AnMemo\Uninstall.exe
- %PROGRAM_FILES%\AnMemo\AnMemo.exe
- %TEMP%\nso2.tmp\DLLWaitForKillProgram.dll
- %TEMP%\nso2.tmp\KillProcDLL.dll
- %PROGRAM_FILES%\AnMemo\partner.ini
- %PROGRAM_FILES%\AnMemo\cli.dat
- %PROGRAM_FILES%\AnMemo\AnMemoUp.exe
- %TEMP%\nso2.tmp\KillProcDLL.dll
- %TEMP%\nso2.tmp\SelfDelete.dll
- %TEMP%\nso2.tmp\stack.dll
- %TEMP%\nso2.tmp\IsVista.dll
- %TEMP%\nso2.tmp\DLLWaitForKillProgram.dll
- %TEMP%\nso2.tmp\DLLWebCount_new.dll
- %TEMP%\nso2.tmp\IEFunctions.dll
Сетевые обращения (часть символов домена и URL скрыта знаками #):
- 'lo#.##sence.co.kr':80
- lo#.##sence.co.kr/logexp.php?ai############################
- DNS ASK lo#.##sence.co.kr
Окна (имя класса / заголовок окна):
- ClassName: 'MS_AutodialMonitor' WindowName: '(null)'
- ClassName: 'MS_WebcheckMonitor' WindowName: '(null)'
- ClassName: '' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'