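Техническая информация
(Заголовки подразделов в этой выдержке не сохранились. Судя по виду записей: первые две — значения автозапуска в реестре (Policies\Explorer\Run и RunOnce), указывающие на файлы в %TEMP%; далее — командные строки запускаемых процессов (wscript.exe, cmd.exe), пути файлов, сетевые адреса и запросы (HTTP, DNS), в конце — класс и имя окна. Какие операции выполнялись с перечисленными файлами (создание или удаление), из выдержки не видно. Символы «##» в имени домена, по-видимому, маскируют часть имени.)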
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] '751' = '%TEMP%\773.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] '751' = '%TEMP%\207.bat'
- <SYSTEM32>\wscript.exe %TEMP%\536.vbs
- <SYSTEM32>\wscript.exe %TEMP%\919.vbs
- <SYSTEM32>\cmd.exe /c ""%TEMP%\207.bat" "
- <SYSTEM32>\wscript.exe %TEMP%\666.vbs
- %TEMP%\666.vbs
- %TEMP%\536.vbs
- %TEMP%\919.vbs
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\cd[1].php
- %TEMP%\41.tmp
- %TEMP%\207.bat
- 'xp##bam.cn':80
- 'localhost':1035
- xp##bam.cn/cd.php
- DNS ASK xp##bam.cn
- ClassName: 'Shell_TrayWnd' WindowName: ''