Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\CryptoServices] 'Start' = '00000002'
- C:\Userss\userq\doc\svchost.exe
- <SYSTEM32>\net1.exe start CryptoServices
- <SYSTEM32>\cmd.exe /c ""C:\Userss\userq\doc\spy.bat" "
- <SYSTEM32>\wscript.exe "C:\Userss\userq\doc\spy.vbs"
- C:\Userss\userq\doc\svchost.exe
- C:\RECYCLER\Cache\WindowsUpdate.log
- C:\RECYCLER\Cache\1C.txt
- C:\Userss\userq\doc\spy.vbs
- C:\Userss\userq\doc\Allinone.bat
- C:\Userss\userq\doc\Mossad And India Spy Agency Team Up, Target Pakistan.doc
- C:\Userss\userq\doc\spy.bat
- 'te####ervices.net':21
- 'gr####eacesite.com':80
- gr####eacesite.com/3.php?p1#############
- gr####eacesite.com/1.php?p1#############
- DNS ASK te####ervices.net
- DNS ASK gr####eacesite.com
- ClassName: 'WordPadClass' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''