Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\Please Input Service Name] 'Start' = '00000002'
- <SYSTEM32>\svchost.exe -k imgsvc
- %TEMP%\WERecf1.dir00\svchost.exe.hdmp
- %TEMP%\WERecf1.dir00\appcompat.txt
- %TEMP%\WERecf1.dir00\manifest.txt
- %TEMP%\WERecf1.dir00\svchost.exe.mdmp
- %WINDIR%\FileName.jpg
- C:\Net-Temp.ini
- C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\CJCTQ25G\ip[1].txt
- %WINDIR%\FileName.jpg
- C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\CJCTQ25G\ip[1].txt
- C:\Net-Temp.ini
- 'www.ba##u.com':80
- '11#.#2.59.102':83
- www.ba##u.com/ip.txt
- DNS ASK www.ba##u.com