Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'svchost' = '<DRIVERS>\svchosts.exe'
- %WINDIR%\Temp\nod32.exe (downloaded from the Internet)
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\svchosts1[1].exe
- %WINDIR%\Temp\nod32.exe
- <SYSTEM32>\MSWINSCK.OCX
- <DRIVERS>\svchosts.exe
- %WINDIR%\Temp\nod32.exe
- <DRIVERS>\svchosts.exe
- 'hd#####d.persiangig.com':80
- 'localhost':1035
- hd#####d.persiangig.com/download/svchosts1.exe
- DNS ASK hd#####d.persiangig.com
- '<IP address on the local network>':1036
- ClassName: '#32770' WindowName: ''
- ClassName: 'SysListView32' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: '' WindowName: 'Windows Task Manager'