Technical information
- [<HKLM>\SYSTEM\ControlSet001\Services\DiskFISXSrv] 'Start' = '00000002'
- User Account Control (UAC)
- %ALLUSERSPROFILE%\Application Data\WCSYHULZI\CSYHULZI.exe
- %TEMP%\aut2.tmp
- %ALLUSERSPROFILE%\Application Data\WCSYHULZI\Zhezi.exe
- %TEMP%\aut3.tmp
- %TEMP%\ImZip.dat
- %TEMP%\aut1.tmp
- %ALLUSERSPROFILE%\Application Data\WCSYHULZI\ImZip.dat
- %ALLUSERSPROFILE%\Application Data\MCSYHULZI\InstallConfig.dat
- %TEMP%\aut3.tmp
- %TEMP%\aut2.tmp
- %TEMP%\aut1.tmp
- 'www.zg##m.com':80
- 'd1.##grm.com':80
- www.zg##m.com/ipost.php?a=########################################################################################################################
- d1.##grm.com/imzip.rar
- DNS ASK www.zg##m.com
- DNS ASK d1.##grm.com
- ClassName: 'Shell_TrayWnd' WindowName: ''