Техническая информация
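- Закрепление в системе через параметр Userinit ключа Winlogon: к штатному userinit.exe через запятую дописан путь к wsnaxnp.exe, поэтому файл запускается при каждом входе пользователя в систему (штатное значение содержит только путь к userinit.exe, любое дополнительное имя файла в нём стоит проверять): [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,%ALLUSERSPROFILE%\Application Data\DownloadSave\wsnaxnp.exe'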
- %ALLUSERSPROFILE%\Application Data\DownloadSave\ wsnaxnp.exe
- %ALLUSERSPROFILE%\Application Data\DownloadSave\wsnaxnp.exe
- %ALLUSERSPROFILE%\Application Data\DownloadSave\ wsnaxnp.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\list[1].txt
- %ALLUSERSPROFILE%\Application Data\DownloadSave\RCX1.tmp
- %ALLUSERSPROFILE%\Application Data\DownloadSave\RecordPath
- %ALLUSERSPROFILE%\Application Data\DownloadSave\wsnaxnp.exe
- %ALLUSERSPROFILE%\Application Data\DownloadSave\RecordPath
- %ALLUSERSPROFILE%\Application Data\DownloadSave\wsnaxnp.exe
- 'xi#####u.216.159149.com':80
- 'www.ba##u.com':80
- xi#####u.216.159149.com/count.asp?ma##############################################################################################################################################
- xi#####u.216.159149.com/list.txt
- www.ba##u.com/
- DNS ASK xi#####u.216.159149.com
- DNS ASK www.ba##u.com
- '<IP-адрес в локальной сети>':1034
- ClassName: 'Shell_TrayWnd' WindowName: ''