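Техническая информация
Примечание: заголовки разделов в этой выдержке не сохранились, поэтому записи ниже идут сплошным списком (ключи реестра, процессы и командные строки, пути к файлам, адреса хост:порт, URL, DNS-запросы, классы окон); повторяющиеся строки, вероятно, относятся к разным разделам исходного отчёта. Символы # в именах хостов и URL, по-видимому, маскируют часть адреса, поэтому эти значения нельзя использовать как точные индикаторы без сверки с полным отчётом.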
- [<HKLM>\SYSTEM\ControlSet001\Services\SSDT] 'ImagePath' = '%TEMP%\ssdt.sys'
- [<HKLM>\SYSTEM\ControlSet001\Services\TesSafe] 'Start' = '00000000'
- '<SYSTEM32>\cmd.exe' /c C:\deleteme.bat
- '<SYSTEM32>\svchost.exe'
- '<SYSTEM32>\notepad.exe'
- <SYSTEM32>\svchost.exe
- %TEMP%\ssdt.sys
- C:\deleteme.bat
- C:\boot\127171.dll
- C:\TraceLog.txt
- %TEMP%\ssdt.sys
- 'localhost':1043
- 'yz.##zsfz.com':90
- 'cm###.f3322.net':54680
- 'ip.#322.net':80
- 'www.ip##8.com':80
- http://www.ip##8.com/ips138.asp?ip####
- http://ip.#322.net/
- DNS ASK cm###.f3322.net
- DNS ASK yz.##zsfz.com
- DNS ASK ip.#322.net
- DNS ASK www.ip##8.com
- ClassName: '' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''