Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\srvwebwg] 'Start' = '00000002' (значение 2 соответствует автоматическому запуску службы при загрузке системы)
- '%APPDATA%\webbora\webbora.exe'
- '%APPDATA%\webbora\srvwebbora.exe' i
- '%APPDATA%\webbora\webboraset.exe' i
- '<SYSTEM32>\wbem\wmiadap.exe' /R /T
- %TEMP%\nsg2.tmp\System.dll
- %APPDATA%\webbora\uninst.exe
- %APPDATA%\webbora\srvwebbora.exe
- %APPDATA%\webbora\webbora.exe
- %APPDATA%\webbora\webboraset.exe
- <SYSTEM32>\wbem\Performance\WmiApRpl.ini
- <SYSTEM32>\PerfStringBackup.TMP
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\uminfo[1].xml
- %TEMP%\nsg2.tmp\System.dll
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\appver[1].xml
- 'do##.#ebbora.com':80
- 'localhost':1039
- 'pa####r.webbora.com':80
- do##.#ebbora.com/xml/uminfo.xml
- do##.#ebbora.com/xml/appver.xml
- pa####r.webbora.com/log/install.php?ma########################
- DNS ASK do##.#ebbora.com
- DNS ASK pa####r.webbora.com