Техническая информация
Параметры служб в реестре (значение 'Start' = 2 означает автоматический запуск службы при загрузке системы):
- [<HKLM>\SYSTEM\ControlSet003\Services\2.21] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\ykvuikli] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\2.21] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet002\Services\2.21] 'Start' = '00000002'
- '%TEMP%\wngs.dat'
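- '<SYSTEM32>\svchost.exe' -k 2.21 (параметр -k задаёт группу служб svchost; здесь её имя совпадает с именем службы 2.21 из ключей реестра выше)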
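- NtQueryDirectoryFile, драйвер-обработчик: haiiym.sys (перехват этой функции обычно используется для сокрытия файлов при перечислении каталогов)
- NtDeviceIoControlFile, драйвер-обработчик: haiiym.sys (перехват этой функции обычно используется для сокрытия сетевых соединений и иных сведений, запрашиваемых у драйверов)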
- <SYSTEM32>\haiiym.dll
- <DRIVERS>\haiiym.sys
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\WNGS[1]
- <Текущая директория>\SkinH_EL.dll
- %TEMP%\wngs.dat
- <SYSTEM32>\0004cdbf.ini
- <Текущая директория>\SkinH_EL.dll
- %TEMP%\wngs.dat
- 'mi#####ba2012.3322.org':2001
- 'xt##t.net':80
- 'localhost':1035
- xt##t.net/WNGS/
- DNS ASK mi#####ba2012.3322.org
- DNS ASK xt##t.net
- ClassName: 'MS_AutodialMonitor' WindowName: '(null)'
- ClassName: 'MS_WebcheckMonitor' WindowName: '(null)'
- ClassName: '(null)' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'