Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,C:\DOCUME~1\%USERNAME%\LOCALS~1\Temp\\rundll65.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] 'TTP Ad Ctrl' = '{04B21D11-8112-4C32-880C-0531DC50C7FC}'
- '%TEMP%\DXC_Qmm.exe'
- '%TEMP%\rundll65.exe'
- '%TEMP%\DXC_SK.exe'
- '%TEMP%\DXC_C789.exe'
- '%TEMP%\rundll65.exe' (загружен из сети Интернет)
- '<SYSTEM32>\cmd.exe' /c ""c:\test.bat" "
- '<SYSTEM32>\calc.exe'
- '%WINDIR%\regedit.exe'
- <SYSTEM32>\calc.exe
- %WINDIR%\Explorer.EXE
- %WINDIR%\regedit.exe
- <SYSTEM32>\dnfset.cyc
- %TEMP%\rundll65.exe
- C:\test.bat
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\77fd0f972d6e4fcbdc2e321215e7b9d4[1].CSS&response-cache-control=private
- %TEMP%\DXC_C789.exe
- %TEMP%\DXC_SK.exe
- %PROGRAM_FILES%\TTPlayer\TTPAdvCtrl.dll
- %TEMP%\DXC_Qmm.exe
- %TEMP%\DXC_C789.exe
- %TEMP%\DXC_Qmm.exe
- '12#.#25.114.144':80
- 'localhost':1037
- 'localhost':1036
- 12#.#25.114.144/p-4537d181d41fe6a1054a82b4d3a9f8d4/77fd0f972d6e4fcbdc2e321215e7b9d4?si##############################################################################################################################################################
- DNS ASK to##.duowan.com
- DNS ASK bs.##idu.com
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'