Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\vucnm] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы)
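- '<SYSTEM32>\rundll32.exe' C:/WINDOWS/pMdzg1W/ik16yO5.dll,DllLoadX dHlwZTpwMnAgcGF0aDogZnVuY25hbWU6QDc1IHBhcmFtOg== (аргумент закодирован в Base64; после декодирования: «type:p2p path: funcname:@75 param:»)
- '<SYSTEM32>\rundll32.exe' C:/WINDOWS/pMdzg1W/ik16yO5.dll,DllLoad dHlwZTpwMnAgcGF0aDogZnVuY25hbWU6QDcxIHBhcmFtOg== (аргумент закодирован в Base64; после декодирования: «type:p2p path: funcname:@71 param:»)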
- %WINDIR%\Explorer.EXE
- <SYSTEM32>\rundll32.exe
- <Текущая директория>\hU0MmSq.sys
- C:\p2pmain.txt
- C:\guard.txt
- %WINDIR%\pMdzg1W\ik16yO5.dll
- %WINDIR%\pMdzg1W\xfpaP5W.dll
- %WINDIR%\SBYQDLP\sccon0987.txt
- <Текущая директория>\hU0MmSq.sys
- 'localhost':10587
- 'np##.#oomeng.com':80
- 'www.so.com':80
- http://np##.#oomeng.com/icafeads/?us############################################
- DNS ASK np##.#oomeng.com
- DNS ASK www.so.com
- DNS ASK www.ba##u.com
- ClassName: 'Progman' WindowName: ''