Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\srvPlgProtect] 'Start' = '00000002'
- '%APPDATA%\okitspace\protect\PluginProtect.exe'
- %APPDATA%\okitspace\uninstall.exe
- %APPDATA%\okitspace\protect\config.xml
- %APPDATA%\okitspace\protect\files\version
- %APPDATA%\okitspace\protect\files\plugin.zip
- %APPDATA%\okitspace\protect\utilsDll.dll
- %APPDATA%\okitspace\protect\PluginProtect.exe
- %TEMP%\nse2.tmp\SimpleSC.dll
- %APPDATA%\okitspace\protect\sqlite3.exe
- %APPDATA%\okitspace\protect\Interop.Shell32.dll
- %APPDATA%\okitspace\protect\files\plugin.zip
- %TEMP%\nse2.tmp\SimpleSC.dll
- 'me###.vitjvitj.com':80
- 'wp#d':80
- me###.vitjvitj.com/xmlstatic/installers/plugins/okitspace/lastplugin/version
- me###.vitjvitj.com/xmlstatic/installers/plugins/okitspace/lastplugin/plugin.zip
- wp#d/wpad.dat
- me###.vitjvitj.com/xmlstatic/installers/plugins/okitspace/version/version
- DNS ASK me###.vitjvitj.com
- DNS ASK wp#d