Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\ias] 'Start' = '00000002'
- C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\723PBFSK\desktop.ini
- C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\M1WD0FQT\desktop.ini
- C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\OVDAE7QT\ip[1].txt
- C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\UZO76LOJ\desktop.ini
- %TEMP%\107765.TxT
- C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\OVDAE7QT\desktop.ini
- C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\723PBFSK\desktop.ini
- C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\M1WD0FQT\desktop.ini
- C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\OVDAE7QT\desktop.ini
- C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\UZO76LOJ\desktop.ini
- <SYSTEM32>\config\SysEvent.Evt
- C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\OVDAE7QT\ip[1].txt
- <SYSTEM32>\config\AppEvent.Evt
- <SYSTEM32>\config\SecEvent.Evt
- 'yk.##8qj.com':80
- yk.##8qj.com/ip.txt
- DNS ASK www.ba##u.com
- DNS ASK yk.##8qj.com