Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'shell' = 'Explorer.exe'
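- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'shell' = 'Explorer.exe MS-DOS' (значение 'shell' отличается от стандартного 'Explorer.exe'; по-видимому, так обеспечивается запуск %WINDIR%\MS-DOS.exe при входе пользователя в систему)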
- %WINDIR%\system\cmd.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\attachment[1].php
- %WINDIR%\system\up.txt
- %WINDIR%\MS-DOS.exe
- %WINDIR%\system\cmd.exe
- %WINDIR%\MS-DOS.exe
- %TEMP%\~DF97C6.tmp
- %TEMP%\~DFD93.tmp
- %WINDIR%\system\up.txt
- 'pe###.topzj.com':80
- 'localhost':1038
- 'sm##.sina.com':25
- pe###.topzj.com/attachment.php?ai#################################################################################################################
- DNS ASK pe###.topzj.com
- DNS ASK sm##.sina.com
- ClassName: '' WindowName: 'X1003'
- ClassName: '' WindowName: 'X1002'
- ClassName: '' WindowName: 'X1001'