Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\6to4] 'Start' = '00000002'
- '%CommonProgramFiles%\Microsoft Shared\MSInfo\Server.exe'
- '%TEMP%\1.exe'
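- '%CommonProgramFiles%\Microsoft Shared\MSInfo\ґ«Жжёч°ж±ѕВ©¶ґІйїґЖч1.0.exe' (имя приведено так, как оно записано в отчёте: это байты GBK, отображённые в кодировке Windows-1251; в GBK они читаются как «传奇各版本漏洞查看器1.0.exe», поэтому на системе с другой кодовой страницей имя файла на диске может выглядеть иначе)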
- '%TEMP%\server.exe'
- '%TEMP%\传奇各版本漏洞查看器1.1.exe'
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\7ZSfx000.cmd" "
- %TEMP%\wi175546nd.temp
- %TEMP%\1.exe
- %TEMP%\rundll32.exe
- %TEMP%\7ZSfx000.cmd
- C:\360.dll
- %CommonProgramFiles%\Microsoft Shared\MSInfo\SkinH_EL.dll
- %TEMP%\传奇各版本漏洞查看器1.1.exe
- %TEMP%\server.exe
- C:\Documents and Settings\Local User\userdata.dll
- %CommonProgramFiles%\Microsoft Shared\MSInfo\Server.jpg
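- %CommonProgramFiles%\Microsoft Shared\MSInfo\ґ«Жжёч°ж±ѕВ©¶ґІйїґЖч1.0.jpg (имя приведено как в отчёте: байты GBK, отображённые в Windows-1251; в GBK — «传奇各版本漏洞查看器1.0.jpg», на системе с другой кодовой страницей имя на диске может выглядеть иначе)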
- %CommonProgramFiles%\Microsoft Shared\MSInfo\SkinH_EL.dll
- C:\Documents and Settings\Local User\userdata.dll
- %TEMP%\7ZSfx000.cmd
- %CommonProgramFiles%\Microsoft Shared\MSInfo\Server.exe
- %TEMP%\server.exe
- %TEMP%\wi175546nd.temp в C:\Documents and Settings\Rspdates.dll
- %CommonProgramFiles%\Microsoft Shared\MSInfo\Server.jpg в %CommonProgramFiles%\Microsoft Shared\MSInfo\Server.exe
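- %CommonProgramFiles%\Microsoft Shared\MSInfo\ґ«Жжёч°ж±ѕВ©¶ґІйїґЖч1.0.jpg в %CommonProgramFiles%\Microsoft Shared\MSInfo\ґ«Жжёч°ж±ѕВ©¶ґІйїґЖч1.0.exe (оба имени приведены как в отчёте: байты GBK, отображённые в Windows-1251; в GBK — «传奇各版本漏洞查看器1.0.jpg» и «传奇各版本漏洞查看器1.0.exe»)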
- 'ww###o.3322.org':6380
- DNS ASK ww###o.3322.org
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'