Техническая информация
- Автозапуск (ключ реестра Run): [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'shandian' = '%PROGRAM_FILES%\shandian\shandian.exe'
- %PROGRAM_FILES%\shandian\bin\shandian.ini
- %PROGRAM_FILES%\shandian\ico\360.ico
- %PROGRAM_FILES%\shandian\bin\sdad.exe
- %PROGRAM_FILES%\shandian\bin\shandian.exe
- %PROGRAM_FILES%\shandian\ico\anquan.ico
- %PROGRAM_FILES%\shandian\config.ini
- %PROGRAM_FILES%\shandian\uninst.exe
- %PROGRAM_FILES%\shandian\ico\ie.ico
- %PROGRAM_FILES%\shandian\ico\taobao.ico
- %TEMP%\nsw2.tmp\xID.dll
- %TEMP%\nsw2.tmp\Md5dll.dll
- %TEMP%\nsw2.tmp\System.dll
- %TEMP%\nsw2.tmp\config0.ini
- %TEMP%\nsw2.tmp\bind.dll
- %PROGRAM_FILES%\shandian\home.bat
- %PROGRAM_FILES%\shandian\shandian.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\stat[1].exe&mac=00-00-00-00-00-01&md5=26b5086c7d9c45796a254dd47c3f9213
- %TEMP%\nsw2.tmp\config.ini
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\stat[1].exe&mac=00-00-00-00-00-01&md5=26b5086c7d9c45796a254dd47c3f9213
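- 'st##.fjmjm.com':80 (символы «#» здесь и в строках ниже, по-видимому, заменяют скрытые в отчёте части адреса; при поиске по индикатору их следует считать подстановочными)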
- st##.fjmjm.com/stat/?v=#######################################################################################
- DNS ASK st##.fjmjm.com
- ClassName: 'Indicator' WindowName: '(null)'