Техническая информация
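- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '1DFAGX' = '%TEMP%\csrss.exe' (автозапуск: значение в ключе Run запускает файл при каждом входе пользователя в систему; файл с именем системного процесса csrss.exe находится в %TEMP%, а не в <SYSTEM32>, что само по себе является признаком маскировки)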
- '%TEMP%\csrss.exe'
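- '%TEMP%\csrss.exe' -A Mozilla/5.0 -o http://bt####ld.com:8332 -u Kenshin13_1 -p 123 -t 2 -T 99 (судя по набору параметров -o/-u/-p/-t и порту 8332, это, по-видимому, запуск майнера с подключением к удалённому серверу; такая командная строка процесса пригодна как признак для обнаружения)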
- '%TEMP%\8fCEDK94jdikMCEK.exe' -p8fCEDK94jdikMCEK -d%HOMEPATH%\Local Settings\Temp
- '%TEMP%\5hRKmxsleSPax.exe' -p5hRKmxsleSPax -d%HOMEPATH%\Local Settings\Temp
- '%TEMP%\5Fr4ecJfn4SWdr56.exe' -p5Fr4ecJfn4SWdr56 -d%HOMEPATH%\Local Settings\Temp
- '<SYSTEM32>\wscript.exe' "%TEMP%\8fCEDK94jdikMCEK.vbs"
- '<SYSTEM32>\wscript.exe' "%TEMP%\5Fr4ecJfn4SWdr56.vbs"
- '<SYSTEM32>\wscript.exe' "%TEMP%\5hRKmxsleSPax.vbs"
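- ClassName: 'OLLYDBG' WindowName: '(null)'
- ClassName: 'FileMonClass' WindowName: '(null)' (OLLYDBG и FileMonClass — классы окон отладчика OllyDbg и монитора файловой активности FileMon; вероятно, образец ищет эти окна, чтобы обнаружить средства анализа)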
- %TEMP%\8fCEDK94jdikMCEK.exe
- %TEMP%\8fCEDK94jdikMCEK.vbs
- %TEMP%\csrss.exe
- %TEMP%\5Fr4ecJfn4SWdr56.vbs
- %TEMP%\5hRKmxsleSPax.exe
- %TEMP%\5hRKmxsleSPax.vbs
- %TEMP%\5Fr4ecJfn4SWdr56.exe
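- 'bt###ild.com':8332 (сетевое подключение; домен частично скрыт символами # и, по-видимому, совпадает с хостом из параметра -o в командной строке csrss.exe, где скрыто другое число символов)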
- DNS ASK bt###ild.com
- ClassName: 'Indicator' WindowName: '(null)'
- ClassName: '18467-41' WindowName: '(null)'
- ClassName: 'EDIT' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'