Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'WindowsHost' = 'C:\ProgramData\System\csrss.exe'
- 'C:\ProgramData\System\csrss.exe'
- 'C:\ProgramData\System\csrss.exe' (загружен из сети Интернет)
- '<SYSTEM32>\attrib.exe' +s +h C:\ProgramData\System
- C:\ProgramData\System\start.bat
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\start[1].bat
- C:\ProgramData\System\dasHosts.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\wuacult[1].exe
- C:\ProgramData\System\csrss.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\csrss[1].exe
- C:\ProgramData\System\wuacult.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\dasHosts[1].exe
- C:\ProgramData\System\pthreadVC2.dll
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\pthreadVC2[1].dll
- C:\ProgramData\System\chrome.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\msvcr100[1].dll
- C:\ProgramData\System\jansson.dll
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\jansson[1].dll
- C:\ProgramData\System\msvcr100.dll
- '37.##1.170.226':80
- 37.##1.170.226/x86/start.bat
- 37.##1.170.226/r6k/wuacult.exe
- 37.##1.170.226/r6k/csrss.exe
- 37.##1.170.226/x86/dasHosts.exe
- 37.##1.170.226/x86/pthreadVC2.dll
- 37.##1.170.226/x86/msvcr100.dll
- 37.##1.170.226/x86/jansson.dll