Technical information
- [<HKLM>\SYSTEM\ControlSet001\Services\regti] 'Start' = '00000001'
- [<HKLM>\SYSTEM\ControlSet001\Services\fanti] 'Start' = '00000001'
- '<SYSTEM32>\rundll32.exe' /s "%WINDIR%\msnsa4.dll",SendStatisticDataOnInstall
- '<SYSTEM32>\rundll32.exe' /s "%WINDIR%\msnsa4.dll",UpdateIFEOInfo
- NtSetValueKey, handler driver: regti.sys
- NtDeleteValueKey, handler driver: regti.sys
- NtDeleteKey, handler driver: regti.sys
- <DRIVERS>\fanti.sys
- %WINDIR%\msnsa4.dll
- <DRIVERS>\regti.sys
- %TEMP%\nsz3.tmp\BackOperHelper.dll
- %TEMP%\nse2.tmp
- %WINDIR%\regti.sys
- %WINDIR%\fanti.sys
- %TEMP%\nsz3.tmp\BackOperHelper.dll
- 'to##.kaola.cn':80
- to##.kaola.cn/toolPage/toolSn.jsp
- DNS ASK to##.kaola.cn
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'