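Техническая информация
(Заголовки разделов отчёта в этом фрагменте, по-видимому, не сохранились: одни и те же пути встречаются в списке дважды, поэтому действие для каждого пути — создание, удаление или запуск — следует уточнять по исходному отчёту.)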
- [<HKLM>\SYSTEM\ControlSet001\Services\OSEvent] 'Start' = '00000002' (значение 2 — автоматический запуск службы OSEvent при загрузке системы)
- <SYSTEM32>\s.exe
- <SYSTEM32>\tmp.exe
- <SYSTEM32>\s.exe -i
- <SYSTEM32>\s.exe -s
- %WINDIR%\Temp\Temporary Internet Files\Content.IE5\IX2BSLIX\desktop.ini
- %WINDIR%\Temp\Temporary Internet Files\Content.IE5\FFE4QH8Y\desktop.ini
- %WINDIR%\Temp\Temporary Internet Files\Content.IE5\desktop.ini
- %WINDIR%\Temp\History\History.IE5\desktop.ini
- %WINDIR%\Temp\Temporary Internet Files\Content.IE5\4TI7G5Y3\desktop.ini
- %WINDIR%\Temp\Temporary Internet Files\Content.IE5\V2L1J3GD\desktop.ini
- %TEMP%\y7fuxb\s.exe
- %TEMP%\y7fuxb\s.exe.tmp
- %TEMP%\y7fuxb\2.tmp
- %TEMP%\y7fuxb\_uninstall
- %TEMP%\y7fuxb\tmp.exe
- %TEMP%\y7fuxb\tmp.exe.tmp
- %WINDIR%\Temp\Temporary Internet Files\Content.IE5\V2L1J3GD\desktop.ini
- %WINDIR%\Temp\Temporary Internet Files\Content.IE5\4TI7G5Y3\desktop.ini
- %WINDIR%\Temp\History\History.IE5\desktop.ini
- %WINDIR%\Temp\Temporary Internet Files\Content.IE5\desktop.ini
- %WINDIR%\Temp\Temporary Internet Files\Content.IE5\FFE4QH8Y\desktop.ini
- %WINDIR%\Temp\Temporary Internet Files\Content.IE5\IX2BSLIX\desktop.ini
- %TEMP%\y7fuxb\2.tmp
- %TEMP%\y7fuxb\_uninstall
- %TEMP%\y7fuxb\s.exe.tmp
- %TEMP%\y7fuxb\tmp.exe.tmp
- из %TEMP%\y7fuxb\s.exe в <SYSTEM32>\s.exe
- из %TEMP%\y7fuxb\tmp.exe в <SYSTEM32>\tmp.exe
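- '88#.#43call.cn':80
- '84##.#70304123.cn':80
  (символы «#» в адресах, по-видимому, заменяют скрытые знаки; такие записи подходят только как шаблон, а не для точного сопоставления)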
- 84##.#70304123.cn/?&u###
- DNS ASK 88#.#43call.cn
- DNS ASK 84##.#70304123.cn