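Техническая информация
Примечание: заголовки подразделов в этом списке не сохранились. По форме записей различимы: пути в кавычках (в том числе с аргументами командной строки) — по-видимому, запускаемые процессы; пути без кавычек — затрагиваемые файлы (какое именно действие — создание, изменение или удаление — из списка не видно); пары «узел:порт», URL и строки DNS ASK — сетевая активность. Символ # недопустим в имени узла, то есть часть символов в именах доменов скрыта, и такие записи не годятся как точные индикаторы.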
- '%WINDIR%\setup_2948-177793.exe'
- '%PROGRAM_FILES%\My Cpa\lsmFm.exe'
- '%WINDIR%\xkna_50091177792.exe'
- '%PROGRAM_FILES%\My Cpa\lsmXk.exe'
- '%PROGRAM_FILES%\My Cpa\lsmKh.exe'
- '%WINDIR%\yxku_s[100].exe'
- '%PROGRAM_FILES%\My Cpa\lsoss.exe'
- '%WINDIR%\xkna_50091177792.exe' (загружен из сети Интернет)
- '%WINDIR%\yxku_s[100].exe' (загружен из сети Интернет)
- '%WINDIR%\setup_2948-177793.exe' (загружен из сети Интернет)
- '<SYSTEM32>\wbem\wmiadap.exe' /R /T
- %PROGRAM_FILES%\My Cpa\lsmIe.exe
- %PROGRAM_FILES%\My Cpa\lsmBB.exe
- %PROGRAM_FILES%\My Cpa\lsmXc.exe
- %PROGRAM_FILES%\My Cpa\lsmZb.exe
- %PROGRAM_FILES%\My Cpa\lsmGg.exe
- %WINDIR%\setup_2948-177793.exe
- %WINDIR%\xkna_50091177792.exe
- %PROGRAM_FILES%\My Cpa\lsmSd.exe
- %PROGRAM_FILES%\My Cpa\lsmWz.exe
- %WINDIR%\yxku_s[100].exe
- %TEMP%\nsz3.tmp\processwork.dll
- %PROGRAM_FILES%\My Cpa\lsmKh.exe
- %PROGRAM_FILES%\My Cpa\lsoss.exe
- %PROGRAM_FILES%\My Cpa\lsmFm.exe
- %PROGRAM_FILES%\My Cpa\lsmUu.exe
- %PROGRAM_FILES%\My Cpa\lsmWs.exe
- %PROGRAM_FILES%\My Cpa\lsmXk.exe
- %PROGRAM_FILES%\My Cpa\lsmTq.exe
- <SYSTEM32>\PerfStringBackup.TMP
- <SYSTEM32>\wbem\Performance\WmiApRpl.ini
- 'do##.yinyue.fm':80
- 'localhost':1042
- 'do##.##inashangrui.com':80
- 'localhost':1037
- 'do##.#ingfubobo.com':80
- 'localhost':1040
- do##.##inashangrui.com/xkna/xkna_50091177792.exe
- do##.yinyue.fm/open/setup_2948-177793.exe
- do##.#ingfubobo.com/yxku/bind/yxku_s[100].exe
- DNS ASK do##.##inashangrui.com
- DNS ASK do##.yinyue.fm
- DNS ASK do##.#ingfubobo.com