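Техническая информация
(Подзаголовки разделов, по-видимому, утрачены при извлечении текста: ниже подряд идут запись автозапуска в реестре, командные строки процессов, пути к файлам, сетевые соединения, HTTP-запросы, DNS-запрос и имя окна. Что именно происходило с перечисленными файлами — создание, изменение или удаление — на странице не указано.)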
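- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'svchost.exe' = '%TEMP%\svchost.exe' (запись в ключе автозапуска Run: указанный файл запускается при входе пользователя в систему; штатный svchost.exe находится в <SYSTEM32>, поэтому одноимённый файл в %TEMP% — признак маскировки под системный процесс)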
- '%TEMP%\svchost.exe'
- '<SYSTEM32>\cmd.exe' /c <Текущая директория>\Demon.bat
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\count[1].asp
- %TEMP%\Vbsuess.list
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\count[1].asp
- %TEMP%\huzhengyang.jpg
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\c83d70cf3bc79f3d10a709a9bba1cd11738b29e1[1].jpg
- %TEMP%\svchost.exe
- <Текущая директория>\Demon.bat
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\top[1].ico
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\count[1].asp
- %TEMP%\huzhengyang.jpg
- %TEMP%\~DF7BA1.tmp
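- '11#.#38.187.237':80 (символы «#» в адресах и URL здесь и ниже — по-видимому, маскировка, внесённая при публикации отчёта; в таком виде значения неполны и не годятся для точного сопоставления в правилах обнаружения)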
- 'a.#####tos.bdimg.com':80
- 'localhost':1035
- '17#.#39.231.130':80
- 17#.#39.231.130/count.asp?ma###############################################################################################
- a.#####tos.bdimg.com/album/s%3D1400%3Bq%3D90/sign=e18c48fb9922720e7fcee6fe4bfb3137/c83d70cf3bc79f3d10a709a9bba1cd11738b29e1.jpg
- 17#.#39.231.130/count.asp?ma###################################################################################################################
- 17#.#39.231.130/count.asp?ma################################################################
- 11#.#38.187.237/cs/top.ico
- DNS ASK a.#####tos.bdimg.com (DNS-запрос на разрешение этого имени)
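- ClassName: '(null)' WindowName: 'SmartSniff' (обращение к окну с заголовком «SmartSniff» без указания класса окна; SmartSniff — утилита перехвата сетевого трафика, так что это, вероятно, проверка на запущенное средство анализа; цель обращения на странице не указана)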