Техническая информация
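- [<HKLM>\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0A07354E-A092-490f-9597-BA096721A26D}] 'ClsidExtension' = '{053202B5-4539-4c5a-B531-42C754ABBD41}' (раздел Extensions регистрирует расширение Internet Explorer — кнопку панели инструментов или пункт меню; ClsidExtension задаёт CLSID COM-объекта, реализующего это расширение)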
- [<HKLM>\SYSTEM\ControlSet001\Services\Windows Cloud-Web Diagnostics Service] 'Start' = '00000002' (значение Start = 2 означает автоматический запуск службы при загрузке системы)
- %PROGRAM_FILES%\Cloud-Web\cloud-web_svc_2_102.exe /start /i
- %PROGRAM_FILES%\Cloud-Web\cloud-web_svc_2_102.ex_ /u /stop
- <SYSTEM32>\cldiasvc.exe /start /i
- %PROGRAM_FILES%\Cloud-Web\Log\cloudweb_up_20111114.txt
- %PROGRAM_FILES%\Cloud-Web\cloudwebittb.dl_
- %PROGRAM_FILES%\Cloud-Web\cloud-web_svc_2_102.ex_
- <LS_APPDATA>\CloudWeb\user.ini
- %PROGRAM_FILES%\Cloud-Web\cloud_uins.dat
- %PROGRAM_FILES%\Cloud-Web\uninst.exe
- %PROGRAM_FILES%\Cloud-Web\cloud-web_run.ex_
- %TEMP%\~nsis\s40006\cloudwebitnad.dll
- <SYSTEM32>\cldiasvc.exe
- %TEMP%\nss2.tmp\nsProcess.dll
- %PROGRAM_FILES%\Cloud-Web\cloudwebitnad.dl_
- %PROGRAM_FILES%\Cloud-Web\cloudwebit.dl_
- %TEMP%\nss2.tmp\System.dll
- %TEMP%\nss2.tmp\System.dll
- %TEMP%\nss2.tmp\nsProcess.dll
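- 'de#####.cloudweb.co.kr':80 (символы «#», по-видимому, скрывают часть имени узла, поэтому точное сопоставление по этой строке невозможно)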
- de#####.cloudweb.co.kr/cloud_svc.php?ac#############################################################################################################################################
- de#####.cloudweb.co.kr/cloud_report.php
- DNS-запрос (DNS ASK): de#####.cloudweb.co.kr
- '<IP-адрес в локальной сети>':1035