Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\Ias] 'Start' = '00000002'
- '<SYSTEM32>\reg.exe' add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Ias\Parameters" /v ServiceDll /t REG_EXPAND_SZ /d <SYSTEM32>\Ias32.dll
- '<SYSTEM32>\cmd.exe' /c temp.bat
- C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\0TMX2Z45\desktop.ini
- C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\82YD1VHA\desktop.ini
- C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\8DMYT6UJ\desktop.ini
- C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\OH63GPIN\desktop.ini
- <Текущая директория>\temp.bat
- %WINDIR%\system\config_shenghai.dat
- <SYSTEM32>\svchost.log
- <SYSTEM32>\Ias32.dll
- C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\OH63GPIN\desktop.ini
- C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\8DMYT6UJ\desktop.ini
- C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\82YD1VHA\desktop.ini
- C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\0TMX2Z45\desktop.ini
- <Текущая директория>\temp.bat
- '20#.#6.232.182':80
- 20#.#6.232.182/info/privacy_security.htm
- DNS ASK www.microsoft.com