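Техническая информация
Примечание: заголовки подразделов в этом фрагменте не сохранились. Судя по виду записей, ниже по порядку идут: ключ реестра, пути файлов, строки запуска процессов, снова пути файлов, сетевые адреса (узел:порт), URL-запросы, DNS-запросы и классы окон; поэтому повторяющиеся пути (например, csrss.exe) относятся к разным подразделам. Символы «#» в именах узлов, по-видимому, заменяют скрытые знаки, а не входят в имя буквально.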
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{H9I12RB03-AB-B70-7-11d2-9CBD-0O00FS7AH6-9E2121BHJLK}] 'stubpath' = ''
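- %WINDIR%\Tasks\ВМ»Ї.bat (имя, по-видимому, записано в кодировке GBK и показано в cp1251; те же байты в GBK читаются как «绿化.bat», так что на системе с другой кодовой страницей файл может называться иначе)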
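- %WINDIR%\Tasks\wsock32.dll
- %WINDIR%\Tasks\csrss.exe (имена совпадают с системными wsock32.dll и csrss.exe, но подлинные файлы находятся в <SYSTEM32>; нестандартный путь — признак для обнаружения)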
- %WINDIR%\Tasks\hackshen.vbs
- <SYSTEM32>\wincap.exe (загружен из сети Интернет)
- %WINDIR%\Tasks\csrss.exe
- "%TEMP%\jap2NaqPZ0.pif" (загружен из сети Интернет)
- <SYSTEM32>\ipconfig.exe
- <SYSTEM32>\cmd.exe /c c:\mfxixue.bat
- <SYSTEM32>\wincap.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\ULU3YH2D\arp[1].exe
- <SYSTEM32>\arps.com
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\0D6B6PI5\wincap[1].exe
- C:\mfxixue.bat
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\2[1].exe
- %TEMP%\jap2NaqPZ0.pif
- 'wu######.one.hackant.com':80
- 'sh####.one.hackant.com':80
- '<IP-адрес в локальной сети>':80
- '<IP-адрес в локальной сети>':445
- 'localhost':1038
- wu######.one.hackant.com/tj/ct.asp?ma####################
- sh####.one.hackant.com/a.exe
- wu######.one.hackant.com/arp.exe
- wu######.one.hackant.com/2.exe
- wu######.one.hackant.com/wincap.exe
- DNS ASK sh####.one.hackant.com
- DNS ASK wu######.one.hackant.com
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'AfxControlBar42s' WindowName: ''