Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'UserFaultCheck' = '' (параметр в ключе автозапуска Run; значение параметра в отчёте пустое)
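- [<HKLM>\SYSTEM\ControlSet001\Services\RemoteAccess] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы; ср. ниже команду «sc.exe config RemoteAccess start= auto»)
- [<HKLM>\SYSTEM\ControlSet001\Services\OnKey Service] 'Start' = '00000002' (то же значение 2 — автоматический запуск службы)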
- C:\tencent\AppUpdate.exe
- <SYSTEM32>\net1.exe start RemoteAccess
- <SYSTEM32>\dumprep.exe 1128 -dm 7 7 %WINDIR%\PCHealth\ErrorRep\UserDumps\svchost.exe.20110714-160311-00.mdmp 16325836412030756
- <SYSTEM32>\dumprep.exe 1128 -dm 7 7 %WINDIR%\PCHealth\ErrorRep\UserDumps\svchost.exe.20110714-160311-00.hdmp 16325836412030756
- <SYSTEM32>\svchost.exe -k netsvcs
- %WINDIR%\explorer.exe
- <SYSTEM32>\sc.exe stop RemoteAccess
- <SYSTEM32>\sc.exe config RemoteAccess start= auto
- <SYSTEM32>\svchost.exe
- %WINDIR%\Explorer.EXE
- <SYSTEM32>\info.dat
- %WINDIR%\pchealth\ERRORREP\UserDumps\svchost.exe.20110714-160311-00.hdmp
- %ALLUSERSPROFILE%\Start Menu\Programs\XXX\calc.lnk
- %TEMP%\114500.dll
- C:\tencent\AppUpdate.exe
- %CommonProgramFiles%\Server.dll
- '<IP-адрес в локальной сети>':33
- '<IP-адрес в локальной сети>':13579
- ClassName: 'OleMainThreadWndClass' WindowName: ''
- ClassName: 'SystemTray_Main' WindowName: ''
- ClassName: 'CSCHiddenWindow' WindowName: ''
- ClassName: 'SysListView32' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'Proxy Desktop' WindowName: ''
- ClassName: 'BaseBar' WindowName: 'ChanApp'