Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\windowstut] 'Start' = '00000002'
- <SYSTEM32>\imm32.dll файлом <SYSTEM32>\oldimm32.bak
- 'C:\ssstars.scr' /S
- 'C:\Server.exe'
- 'C:\qiang.exe'
- '<SYSTEM32>\svchost.exe' -k netsvcs
- %WINDIR%\FuckYou.txt
- <SYSTEM32>\nt32.dll
- %TEMP%\244187_res.tmp
- C:\Server.exe
- C:\qiang.exe
- <SYSTEM32>\oldimm32.bak
- C:\ssstars.scr
- <SYSTEM32>\nt32.dll
- C:\Server.exe
- C:\qiang.exe
- %WINDIR%\FuckYou.txt
- <SYSTEM32>\imm32.dll в <SYSTEM32>\imm32.dllxfGg4x.tmp
- %TEMP%\244187_res.tmp в <SYSTEM32>\360.dll
- 'hb.##.blueline.be':1989
- DNS ASK hb.##.blueline.be
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'WindowsScreenSaverClass' WindowName: 'Screen Saver'