Техническая информация
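- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'smss.exe' = 'C:\smss.exe' (запись автозапуска для текущего пользователя; штатный smss.exe Windows находится в <SYSTEM32>, а не в корне C:\)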
- '%TEMP%\FunshionInstall_C43423.exe' /S
- '%TEMP%\qvodsetup3.exe'
- '%WINDIR%\UUSEEunion_uuvod_Setup_12076.exe'
- 'C:\f.exe'
- 'C:\smss.exe'
- '%TEMP%\qvodsetup3.exe' (загружен из сети Интернет)
- '%WINDIR%\UUSEEunion_uuvod_Setup_12076.exe' (загружен из сети Интернет)
- '%TEMP%\FunshionInstall_C43423.exe' (загружен из сети Интернет)
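- '<SYSTEM32>\wscript.exe' //B "<LS_APPDATA>\Temp\KUSQXNQZJU.vbs" (запуск VBS-скрипта из временного каталога; ключ //B — пакетный режим, в котором wscript не показывает сообщения и ошибки скрипта)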
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\download[1].php
- %WINDIR%\UUSEEunion_uuvod_Setup_12076.exe
- %TEMP%\FunshionInstall_C43423.exe
- %TEMP%\qvodsetup3.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\qvodsetup3[1].exe
- C:\smss.exe
- C:\f.exe
- <LS_APPDATA>\Temp\KUSQXNQZJU.vbs
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\UUSEEunion_uuvod_Setup_12076[1].exe
- <LS_APPDATA>\Temp\KUSQXNQZJU.vbs
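- 'ne#####.funshion.com':80 (символы «#» в именах узлов и адресах здесь и ниже, по-видимому, заменяют часть символов, скрытую при публикации)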
- 'dl.##wn-soso.cn':80
- 'localhost':1037
- 'do####ad.uusee.com':80
- dl.##wn-soso.cn/a58/qvodsetup3.exe
- ne#####.funshion.com/software/download.php?id######
- do####ad.uusee.com/union/union1/uuvod/UUSEEunion_uuvod_Setup_12076.exe
- DNS ASK dl.##wn-soso.cn
- DNS ASK ne#####.funshion.com
- DNS ASK do####ad.uusee.com
- ClassName: 'Indicator' WindowName: ''