Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\OSEvent] 'Start' = '00000002' (значение Start = 2 — автоматический запуск службы OSEvent при загрузке системы)
- <SYSTEM32>\s.exe
- <SYSTEM32>\tmp.exe
- <SYSTEM32>\s.exe -i
- <SYSTEM32>\s.exe -s
- %WINDIR%\Temp\Temporary Internet Files\Content.IE5\23E52HGD\desktop.ini
- %WINDIR%\Temp\Temporary Internet Files\Content.IE5\desktop.ini
- %WINDIR%\Temp\Temporary Internet Files\Content.IE5\9OAZERJJ\desktop.ini
- %WINDIR%\Temp\History\History.IE5\desktop.ini
- %WINDIR%\Temp\Temporary Internet Files\Content.IE5\KXING9EF\desktop.ini
- %WINDIR%\Temp\Temporary Internet Files\Content.IE5\8PR83IAT\desktop.ini
- %TEMP%\vy46\_uninstall
- %TEMP%\vy46\b.exe
- %TEMP%\vy46\b.exe.tmp
- %TEMP%\vy46\2.tmp
- %TEMP%\vy46\s.exe.tmp
- %TEMP%\vy46\tmp.exe
- %TEMP%\vy46\tmp.exe.tmp
- %TEMP%\vy46\s.exe
- %WINDIR%\Temp\Temporary Internet Files\Content.IE5\8PR83IAT\desktop.ini
- %WINDIR%\Temp\Temporary Internet Files\Content.IE5\KXING9EF\desktop.ini
- %WINDIR%\Temp\History\History.IE5\desktop.ini
- %WINDIR%\Temp\Temporary Internet Files\Content.IE5\desktop.ini
- %WINDIR%\Temp\Temporary Internet Files\Content.IE5\23E52HGD\desktop.ini
- %WINDIR%\Temp\Temporary Internet Files\Content.IE5\9OAZERJJ\desktop.ini
- %TEMP%\vy46\2.tmp
- %TEMP%\vy46\b.exe
- %TEMP%\vy46\_uninstall
- %TEMP%\vy46\b.exe.tmp
- %TEMP%\vy46\s.exe.tmp
- %TEMP%\vy46\tmp.exe.tmp
- из %TEMP%\vy46\s.exe в <SYSTEM32>\s.exe
- из %TEMP%\vy46\tmp.exe в <SYSTEM32>\tmp.exe
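- '88#.#43call.cn':80 (символ «#» недопустим в именах доменов: здесь и ниже часть символов в адресах замаскирована, поэтому эти строки не годятся для точного сопоставления как индикаторы)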
- '84##.#70304123.cn':80
- 84##.#70304123.cn/?&u###
- DNS ASK 88#.#43call.cn
- DNS ASK 84##.#70304123.cn