Техническая информация
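- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] 'shell' = 'explorer.exe,<SYSTEM32>\systems.exe' (параметр оболочки Winlogon для текущего пользователя: при входе в систему вместе с explorer.exe запускается <SYSTEM32>\systems.exe)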
- C:\115br_setup_baidu.exe (загружен из сети Интернет) 0
- <SYSTEM32>\ping.exe -n 2 www.ba##u.com
- <SYSTEM32>\ntvdm.exe -f -i2
- <SYSTEM32>\ntvdm.exe -f -i1
- C:\TEST.TXT
- %WINDIR%\Temp\scs4.tmp
- C:\115br_setup_baidu.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\115br_setup_baidu[1].exe
- %WINDIR%\Temp\scs3.tmp
- C:\Test.bat
- <SYSTEM32>\systems.exe
- %WINDIR%\Temp\scs2.tmp
- %WINDIR%\Temp\scs1.tmp
- %WINDIR%\Temp\scs4.tmp
- C:\Test.bat
- C:\TEST.TXT
- %WINDIR%\Temp\scs2.tmp
- %WINDIR%\Temp\scs3.tmp
- %WINDIR%\Temp\scs1.tmp
- 'ie.#15.com':80
- 'localhost':1034
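- ie.#15.com/115br_setup_baidu.exe (файл с тем же именем, что и C:\115br_setup_baidu.exe, отмеченный выше как загруженный из сети Интернет)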
- DNS ASK ie.#15.com
- DNS ASK www.ba##u.com
- '<IP-адрес в локальной сети>':1036
- '<IP-адрес в локальной сети>':1035
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-96c.970.3b0002'
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-964.968.3a0001'