Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\Honhserver] 'Start' = '00000002'
- '<SYSTEM32>\Honhcservice.exe'
- 'C:\ANN.exe'
- 'C:\KK.exe'
- '<SYSTEM32>\cmd.exe' /c c:\del_fiovme.bat
- %WINDIR%\Explorer.EXE
- ClassName: 'OLLYDBG' WindowName: ''
- %WINDIR%\Fonts\63b57ca224cef4f987fc987475f15507.dat
- <SYSTEM32>\Honhcservice.dll
- C:\del_fiovme.bat
- %TEMP%\BClib\krnln.fnr
- %TEMP%\BClib\krnln.fne
- %TEMP%\BClib\Exmlrpc.fne
- %TEMP%\BClib\dp1.fne
- %TEMP%\E_4\krnln.fnr
- C:\ANN.exe
- C:\KK.exe
- %TEMP%\E_4\Exmlrpc.fne
- <SYSTEM32>\Honhcservice.exe
- %TEMP%\E_4\dp1.fne
- <SYSTEM32>\Honhcservice.dll
- <SYSTEM32>\Honhcservice.exe
- C:\KK.exe
- 'bb####g.gnway.net':19820
- 'www.xf##f.com':80
- 'localhost':1037
- www.xf##f.com/dnf.txt
- DNS ASK bb####g.gnway.net
- DNS ASK www.xf##f.com
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''