Техническая информация
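- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'CLsmn' = '<SYSTEM32>\C1smn.exe' (автозапуск при входе пользователя в систему; в имени параметра — буква «L», в имени файла — цифра «1»)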
- %TEMP%\wxads.exe
- <SYSTEM32>\svchost.bat
- %TEMP%\wxads.exe (загружен из сети Интернет)
- <SYSTEM32>\svchost.bat (загружен из сети Интернет)
- <SYSTEM32>\wscript.exe "%TEMP%\key.vbs"
- <SYSTEM32>\wscript.exe "<SYSTEM32>\svchost.vbs" (сценарий запускается через Windows Script Host; имя svchost.vbs похоже на системный svchost.exe)
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\key[1].txt
- %TEMP%\wxads.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\key[1].txt
- %TEMP%\key.vbs
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\wxads[1].exe
- <SYSTEM32>\svchost.vbs
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\updata[1].txt
- <SYSTEM32>\svchost.bat
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\updata[1].txt
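- '11#.#5.13.72':80 (символы «#» здесь и ниже заменяют скрытые части адреса и не являются его частью, поэтому использовать эти строки для точного сопоставления нельзя)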
- 'ch###.xicp.net':80
- 'cx####t.oicp.net':80
- ch###.xicp.net/key/key.txt
- 11#.#5.13.72/key/key.txt
- cx####t.oicp.net/key/exe/wxads.exe
- cx####t.oicp.net/key/vbs/updata.txt
- cx####t.oicp.net/key/bat/updata.txt
- DNS ASK ch###.xicp.net
- DNS ASK cx####t.oicp.net
- ClassName: 'Indicator' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''