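Техническая информация
Примечание: значение 'Start' = '00000002' в разделах служб ниже означает автоматический запуск службы при загрузке системы. Символы `#` в адресах, именах узлов и параметрах запросов, по-видимому, заменяют скрытые знаки, поэтому такие записи нельзя использовать для точного сопоставления.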
- [<HKLM>\SYSTEM\ControlSet001\Services\mfc64] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\kernel64] 'Start' = '00000002'
- '%WINDIR%\mfc64.exe'
- '<SYSTEM32>\kernel64.exe'
- '<SYSTEM32>\cmd.exe' /c <SYSTEM32>\shanchu.bat
- '%PROGRAM_FILES%\Internet Explorer\IEXPLORE.EXE' http://12#.##.108.207:8080/king/statAdd.jsp?pc#########
- <SYSTEM32>\shanchu.bat
- C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\CJCTQ25G\101[1].txt
- %WINDIR%\mfc64.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\1[1].txt
- <SYSTEM32>\kernel64.exe
- C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\CJCTQ25G\101[1].txt
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\1[1].txt
- '61.##1.58.27':81
- 'localhost':8389
- 'sj##.3322.org':80
- sj##.3322.org/101.txt
- sj##.3322.org/1.txt
- DNS ASK sj##.3322.org
- ClassName: '' WindowName: '(null)'