Техническая информация
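Запись автозапуска в реестре (ключ policies\Explorer\Run — место автозапуска наряду с обычным CurrentVersion\Run; значение вызывает через rundll32.exe экспорт Load из soundmix.dll):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run] 'DTService' = 'rundll32.exe <SYSTEM32>\soundmix.dll,Load'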
- '%WINDIR%\000.exe'
- '%ALLUSERSPROFILE%\Templates\temp.exe'
- 'C:\client.exe'
- '%TEMP%\3805.exe'
- '%TEMP%\01supc00_1.9_setup.exe'
- '%TEMP%\bind_40236.exe'
- 'C:\client.exe' (загружен из сети Интернет)
- '%ALLUSERSPROFILE%\Templates\temp.exe' (загружен из сети Интернет)
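Командная строка (regsvr32.exe с ключом /s регистрирует ATIDEMGRED.dll без вывода диалоговых окон):
- '<SYSTEM32>\regsvr32.exe' /s <SYSTEM32>\ATIDEMGRED.dll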
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\kuzhansetup[1]
- <SYSTEM32>\soundmix.dll
- %ALLUSERSPROFILE%\Templates\temp.exe
- C:\client.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\client[1].exe
- %WINDIR%\000.exe
- %TEMP%\01supc00_1.9_setup.exe
- %TEMP%\3805.exe
- %TEMP%\bind_40236.exe
- <SYSTEM32>\ATIDEMGRED.dll
- <SYSTEM32>\downews.ini
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\kuzhansetup[1]
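Сетевые адреса в формате узел:порт (часть символов в именах узлов, по-видимому, заменена на # уже в исходном тексте, поэтому для точного сопоставления по имени они непригодны):
- 'www.bt##w.cn':80
- 'fi###.unionsms.net':80
- 'localhost':1037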
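URL-адреса (имена файлов соответствуют client[1].exe и kuzhansetup[1] из каталога Temporary Internet Files в списке файлов выше):
- www.bt##w.cn/client.exe
- fi###.unionsms.net/kuzhan/kuzhansetup.exe?qu###########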
- DNS ASK d.##new.cn
- DNS ASK www.bt##w.cn
- DNS ASK fi###.unionsms.net
- ClassName: 'MS_WINHELP' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'