Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\WinHldp3f2] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы)
- '%WINDIR%\Temp\1333.exe' /pid=2828
- '<SYSTEM32>\clientex.exe'
- '%WINDIR%\Temp\1333.exe' /pid=3244
- '<SYSTEM32>\WinfHfhfy32.exe' /pid=2972
- '%WINDIR%\Temp\xiazaizhe.exe'
- '%WINDIR%\Temp\1333.exe'
- '<SYSTEM32>\WinfHfhfy32.exe'
- '%WINDIR%\Temp\sq3601.exe'
- <SYSTEM32>\cmd.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\count[1].asp
- <SYSTEM32>\clientex.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\down[1].txt
- <SYSTEM32>\WinfHfhfy32.exe
- %WINDIR%\Temp\1333.exe
- %WINDIR%\Temp\xiazaizhe.exe
- %WINDIR%\Temp\sq3601.exe
- <SYSTEM32>\WinfHfhfy32.exe
- %WINDIR%\Temp\sq3601.exe
- из %WINDIR%\Temp\xiazaizhe.exe в %WINDIR%\Temp\ERRRRRRR.dat
- 'any':19990
- 'ha#######.t854f8k5.idc0394.com':80
- ha#######.t854f8k5.idc0394.com/down.txt
- ha#######.t854f8k5.idc0394.com/count.asp?ma###########################################
- DNS ASK www.18##ou.com
- DNS ASK ha#######.t854f8k5.idc0394.com