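Техническая информация
Примечание: символ «#» в именах узлов и IP-адресе ниже не является допустимым символом адреса — по-видимому, им замаскирована часть значения, поэтому такие строки не годятся как точные индикаторы для поиска или блокировки. Подзаголовки разделов в списке отсутствуют, поэтому по нему самому нельзя определить, к какой операции относятся повторяющиеся пути.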
- %HOMEPATH%\Start Menu\Programs\Startup\guihost.lnk
- '<SYSTEM32>\ntvdm.exe' -f -i1
- %ALLUSERSPROFILE%\Application Data\0202_C3_34C67\start.bat
- %WINDIR%\Temp\scs1.tmp
- %WINDIR%\Temp\scs2.tmp
- %ALLUSERSPROFILE%\Application Data\0202_C3_34C67\guihost.exe
- %ALLUSERSPROFILE%\Application Data\0202_C3_34C67\run.bat
- %ALLUSERSPROFILE%\Application Data\0202_C3_34C67\run.vbs
- %WINDIR%\Temp\scs2.tmp
- %WINDIR%\Temp\scs1.tmp
- <SYSTEM32>\d3d9caps.dat
- <SYSTEM32>\d3d9caps.dat
- 'ct##ent.com':80
- 'wp#d':80
- http://ct##ent.com/4/3cxmr/run.vbs
- http://ct##ent.com/4/3cxmr/start.htm
- http://ct##ent.com/4/3cxmr/run.htm
- http://11#.#11.111.1/wpad.dat via wp#d
- http://ct##ent.com/4/3cxmr/guihost.exe
- DNS ASK ct##ent.com
- DNS ASK wp#d
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-bc4.bc8.380001'
- ClassName: 'Shell_TrayWnd' WindowName: ''