Техническая информация
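Записи автозапуска (ключ Run в HKLM — значения выполняются при входе в систему любого пользователя):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'BarClient.exe' = '%TEMP%\BarClient.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'mstsc' = '<SYSTEM32>\com\explorer.exe'
  (имя значения 'mstsc' совпадает с именем штатного клиента удалённого рабочего стола, а штатный explorer.exe находится в каталоге Windows, а не в <SYSTEM32>\com; запись маскируется под системные компоненты)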
- '<SYSTEM32>\Com\explorer.exe'
- '%TEMP%\BarClient.exe' Update
- '%TEMP%\tongji001.exe'
- 'C:\wh\BarClient.exe'
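- '%TEMP%\ХгЅBarClient.exe' (префикс «ХгЅ», по-видимому, появился из-за неверной перекодировки исходного некириллического имени; при поиске на диске сверяйте каталог и окончание «BarClient.exe», а не отображаемые символы)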
- '<SYSTEM32>\wbem\wmiadap.exe' /R /T
- %TEMP%\Logs\LOG_2014-12-18.log
- %TEMP%\Sdp.InterfaceFrame.Common.dll
- %TEMP%\Logs\User_2014-12-18.log
- %TEMP%\Logs\IMP_2014-12-18.log
- %TEMP%\ХгЅBarClient.exe
- C:\wh\BarClient.exe
- <SYSTEM32>\Com\explorer.exe
- %TEMP%\tongji001.exe
- <SYSTEM32>\Com\explorer.exe
- %TEMP%\tongji001.exe
- из %TEMP%\ХгЅBarClient.exe в %TEMP%\BarClient.exe
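Сетевая активность (символы # в адресах и в имени домена, по-видимому, заменяют знаки, скрытые в источнике; записи нельзя использовать как точные индикаторы без восстановления полных значений):
- 'localhost':1040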
- '58.##1.57.116':83
- '12#.#25.114.144':80
- '58.##1.57.116':86
- DNS ASK www.ba##u.com
- '22#.#24.224.224':9050
- ClassName: 'SysPager' WindowName: ''
- ClassName: 'ToolbarWindow32' WindowName: ''
- ClassName: 'TrayNotifyWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''