Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'recovery' = '<SYSTEM32>\cmshostms.exe'
- %WINDIR%\Tasks\SA.DAT
- <SYSTEM32>\attrib.exe -s -h ""%TEMP%\PPTPDI~1.EXE""
- %TEMP%\10194d61-5c5c-4261-91aa-436e304f9921
- <SYSTEM32>\cmshostms.exe
- %TEMP%\smss.exe
- %TEMP%\1.tmp.cmd
- <SYSTEM32>\dhcppoolpdb.exe
- <SYSTEM32>\lsaprocctf.ocx
- %TEMP%\a2eb4099-16d3-4bf5-b73e-dbc0d4aa416d
- <SYSTEM32>\dnsipdns.exe
- <SYSTEM32>\rasmspool.exe
- %TEMP%\1.tmp.cmd
- %TEMP%\pptpdispnet.exe
- 'localhost':1045
- '74.##5.232.51':80
- '82.##6.47.163':21
- '82.##6.51.22':80
- 74.##5.232.51/
- 82.##6.51.22: http://82.146.51.22/joomla/modules/xsnt-direct.php
- DNS ASK www.google.com
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: '' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''